JBossWS SVN: r19688 - api/trunk.
by jbossws-commits@lists.jboss.org
Author: asoldano
Date: 2015-04-23 10:22:31 -0400 (Thu, 23 Apr 2015)
New Revision: 19688
Modified:
api/trunk/pom.xml
Log:
Use latest parent
Modified: api/trunk/pom.xml
===================================================================
--- api/trunk/pom.xml 2015-04-23 14:14:52 UTC (rev 19687)
+++ api/trunk/pom.xml 2015-04-23 14:22:31 UTC (rev 19688)
@@ -13,7 +13,7 @@
<parent>
<groupId>org.jboss.ws</groupId>
<artifactId>jbossws-parent</artifactId>
- <version>1.2.0.CR1</version>
+ <version>1.2.0.Final</version>
</parent>
<!-- Source Control Management -->
JBossWS SVN: r19686 - maven/parent/tags.
by jbossws-commits@lists.jboss.org
Author: asoldano
Date: 2015-04-23 10:05:49 -0400 (Thu, 23 Apr 2015)
New Revision: 19686
Added:
maven/parent/tags/jbossws-parent-1.2.0.Final/
Log:
Tagging jbossws-parent 1.2.0.Final
JBossWS SVN: r19684 - stack/cxf/trunk/modules/dist/src/main/doc.
by jbossws-commits@lists.jboss.org
Author: asoldano
Date: 2015-04-23 08:38:25 -0400 (Thu, 23 Apr 2015)
New Revision: 19684
Added:
stack/cxf/trunk/modules/dist/src/main/doc/chapter-8-Build_and_testsuite_framework.xml
Modified:
stack/cxf/trunk/modules/dist/src/main/doc/Book_Info.xml
stack/cxf/trunk/modules/dist/src/main/doc/JBossWS-CXF.xml
stack/cxf/trunk/modules/dist/src/main/doc/Revision_History.xml
stack/cxf/trunk/modules/dist/src/main/doc/chapter-2-Quick_Start.xml
stack/cxf/trunk/modules/dist/src/main/doc/chapter-3-JAX_WS_User_Guide.xml
stack/cxf/trunk/modules/dist/src/main/doc/chapter-4-JAX_WS_Tools.xml
stack/cxf/trunk/modules/dist/src/main/doc/chapter-5-Advanced_User_Guide.xml
stack/cxf/trunk/modules/dist/src/main/doc/chapter-6-JBoss_Modules.xml
Log:
Updating release documentation
Modified: stack/cxf/trunk/modules/dist/src/main/doc/Book_Info.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/Book_Info.xml 2015-04-22 18:30:24 UTC (rev 19683)
+++ stack/cxf/trunk/modules/dist/src/main/doc/Book_Info.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -4,7 +4,7 @@
<title>JBoss Web Services Documentation</title>
<!--<subtitle></subtitle>-->
<productname>JBossWS - CXF</productname>
- <productnumber>4.3.0.Final</productnumber>
+ <productnumber>5.0.0.Final</productnumber>
<!-- <edition>ToDo</edition>
<pubsnumber>ToDo</pubsnumber> -->
<abstract>
Modified: stack/cxf/trunk/modules/dist/src/main/doc/JBossWS-CXF.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/JBossWS-CXF.xml 2015-04-22 18:30:24 UTC (rev 19683)
+++ stack/cxf/trunk/modules/dist/src/main/doc/JBossWS-CXF.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -10,6 +10,7 @@
<xi:include href="chapter-5-Advanced_User_Guide.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="chapter-6-JBoss_Modules.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="chapter-7-Legal_Notice.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="chapter-8-Build_and_testsuite_framework.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Revision_History.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
</book>
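Review bot: The new xi:include for chapter-8-Build_and_testsuite_framework.xml sits after chapter-7-Legal_Notice.xml, so the legal notice no longer closes the book and ends up between two technical chapters. Consider including the new chapter before the legal notice, and renumbering the files if the numeric prefix is meant to reflect reading order.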
Modified: stack/cxf/trunk/modules/dist/src/main/doc/Revision_History.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/Revision_History.xml 2015-04-22 18:30:24 UTC (rev 19683)
+++ stack/cxf/trunk/modules/dist/src/main/doc/Revision_History.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -116,6 +116,20 @@
</simplelist>
</revdescription>
</revision>
+ <revision>
+ <revnumber>5.0.0</revnumber>
+ <date>Fri Apr 23 2015</date>
+ <author>
+ <firstname>Alessio</firstname>
+ <surname>Soldano</surname>
+ <email>alessio.soldano(a)jboss.com</email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>JBossWS-CXF 5.0.0 documentation</member>
+ </simplelist>
+ </revdescription>
+ </revision>
</revhistory>
</simpara>
</appendix>
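Review bot: The added "<date>Fri Apr 23 2015</date>" names the wrong weekday: the commit header for this same revision reads "Thu, 23 Apr 2015". Change the entry to "Thu Apr 23 2015", since publishing toolchains that validate the revision history date may reject or silently rewrite a mismatched weekday.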
Modified: stack/cxf/trunk/modules/dist/src/main/doc/chapter-2-Quick_Start.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/chapter-2-Quick_Start.xml 2015-04-22 18:30:24 UTC (rev 19683)
+++ stack/cxf/trunk/modules/dist/src/main/doc/chapter-2-Quick_Start.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -4,7 +4,7 @@
<title>Quick Start</title>
<para>
- JBossWS uses the JBoss Application Server as its target container. The following examples focus on web service deployments that leverage EJB3 service implementations and the JAX-WS programming models. For further information on POJO service implementations and advanced topics you need consult the
+ JBossWS uses WildFly as its target container. The following examples focus on web service deployments that leverage EJB3 service implementations and the JAX-WS programming models. For further information on POJO service implementations and advanced topics you need consult the
<link linkend="sid-3866716">user guide</link>
.
</para>
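Review bot: The rewritten sentence still carries "you need consult the", which is missing "to". Since the line is being touched anyway, change it to "you need to consult the". The separate line holding only "." after the link will also render as "user guide ." with a stray space in some outputs.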
@@ -197,7 +197,7 @@
<section id="sid-3735860_QuickStart-Consumingwebservices">
<title>Consuming web services</title>
- <para>When creating web service clients you would usually start from the WSDL. JBossWS ships with a set of tools to generate the required JAX-WS artefacts to build client implementations. In the following section we will look at the most basic usage patterns. For a more detailed introduction to web service client please consult the user guide.</para>
+ <para>When creating web service clients you would usually start from the WSDL. JBossWS ships with a set of tools to generate the required JAX-WS artifacts to build client implementations. In the following section we will look at the most basic usage patterns. For a more detailed introduction to web service client please consult the user guide.</para>
<section id="sid-3735860_QuickStart-Creatingtheclientartifacts">
<title>Creating the client artifacts</title>
@@ -368,25 +368,16 @@
<code>
<ulink url="https://repository.jboss.org/nexus/content/groups/public-jboss/org/jboss/...">org.jboss.ws.cxf:jbossws-cxf-client</ulink>
</code>
- and
- <ulink url="https://repository.jboss.org/nexus/content/groups/public-jboss/org/jboss/...">
- <code>org.jboss.ws.native:jbossws-native-client</code>
- </ulink>
- artifacts can be used for getting the whole jbossws client dependency trees for the JBossWS-CXF and JBossWS-Native stacks. Users should simply add a dependency on
- <emphasis role="strong">one</emphasis>
- of them (depending on the JBossWS stack in use) to their Maven project.
+ artifact can be used for getting the whole JBossWS client dependency. Users should simply add a dependency to it in their Maven project.
</para>
<para>
- If you're running the client out of container, It's also recommended to properly setup JAXWS implementation endorsing, to use the JBossWS implementation of JAXWS API instead of relying on the implementation coming with the JDK; this is usually done by copying the
+ If you're running the client out of container, It's also recommended to properly setup JAXWS implementation endorsing, to make sure you use the JBossWS
+ <emphasis role="strong">implementation</emphasis>
+ of JAXWS API instead of relying on the implementation coming with the JDK; this is usually done by copying the
<code>
<ulink url="https://repository.jboss.org/nexus/content/groups/public-jboss/org/jboss/...">org.jboss.ws.cxf.jbossws-cxf-factories</ulink>
</code>
- (JBossWS-CXF stack)
- <emphasis role="strong">or</emphasis>
- <code>
- <ulink url="https://repository.jboss.org/nexus/content/groups/public-jboss/org/jboss/...">org.jboss.ws.native:jbossws-native-factories</ulink>
- </code>
- (JBossWS-Native stack) jar into a local directory (e.g.
+ (JBossWS-CXF stack) jar into a local directory (e.g.
<emphasis role="italics">project.build.directory/endorsed</emphasis>
) and then using that for compiling and running sources, for setting the
<emphasis role="italics">java.endorsed.dirs</emphasis>
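Review bot: The factories jar is written as "org.jboss.ws.cxf.jbossws-cxf-factories" (dot before the artifactId) while the client artifact just above uses the groupId:artifactId form "org.jboss.ws.cxf:jbossws-cxf-client"; use the colon form in both so the coordinates can be copied into a pom without guessing. In the rewritten paragraph, "It's" is still capitalised mid-sentence, and the "(JBossWS-CXF stack)" qualifier no longer distinguishes anything now that the Native alternative has been removed, so it can be dropped.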
@@ -458,7 +449,11 @@
</programlisting>
</informalexample>
<important>
- <para>Endorsing of JAXWS API jar is used to force a API level different from the one included in the JDK. E.g. JAXWS 2.2 on JDK 1.6, or JAXWS 2.1 on JDK 1.7, etc.</para>
+ <para>
+ Endorsing of JAX-WS
+ <emphasis role="strong">api</emphasis>
+ jar is used to force a API level different from the one included in the JDK. E.g. JAXWS 2.2 on JDK 1.6, or JAXWS 2.1 on JDK 1.7, etc. So, depending on your environment, it might not be strictly required.
+ </para>
</important>
</section>
<section id="sid-3735860_QuickStart-JBossModulesenvironment">
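Review bot: The new closing sentence, "So, depending on your environment, it might not be strictly required", does not tell the reader how to decide: say which case needs no endorsing (the JDK already ships the required JAX-WS API level) so the note is actionable. The paragraph also mixes "JAX-WS" and "JAXWS" within two sentences and keeps "force a API level", which should read "an API level".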
@@ -467,10 +462,10 @@
<para>
An interesting approach for running a WS client is to leverage JBoss Modules, basically getting a classloading environment equivalent to the server container WS endpoints are run in. This is achieved by using the
<emphasis role="italics">jboss-modules.jar</emphasis>
- coming with AS 7 as follows:
+ coming with WildFly as follows:
</para>
<informalexample>
- <programlisting>java -jar $JBOSS_HOME/jboss-modules.jar -mp $JBOSS_HOME/modules -jar client.jar</programlisting>
+ <programlisting>java -jar $WILDFLY_HOME/jboss-modules.jar -mp $WILDFLY_HOME/modules -jar client.jar</programlisting>
</informalexample>
<para>
The
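Review bot: The command now uses "$WILDFLY_HOME", but nothing in the visible text says what that variable should point to, and the reader has to set it by hand for the command to work. Either add a short sentence defining it as the WildFly installation directory or keep the previous "$JBOSS_HOME" name if that is what the rest of the guide uses.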
@@ -501,20 +496,54 @@
<code>java</code>
command or using
<code>Ant</code>
- ). The JBossWS testsuite can be used to derive the whole set of files to be used; the testsuite can be run either using Maven (from the source distribution) or Ant (from the binary distribution). A verbose execution reveals the list of jar. As for the Maven project approach mentioned above, properly setting
+ ). As for the Maven project approach mentioned above, properly setting
<emphasis role="italics">java.endorsed.dirs</emphasis>
system property is also required.
</para>
</section>
</section>
- <section id="sid-3735860_QuickStart-Appendix">
+ </section>
+ <section id="sid-3735860_QuickStart-Mavenarchetypequickstart">
+
+ <title>Maven archetype quick start</title>
+ <para>
+ A convenient approach to start a new project aiming at providing and/or consuming a JAX-WS endpoint is to use the JBossWS
+ <emphasis role="italics">jaxws-codefirst</emphasis>
+ Maven Archetype. A starting project (including working build and sample helloworld client and endpoint) is created in few seconds. It's simply a matter of issuing a command and answering to simple questions on the desired artifact and group ids for the project being generated:
+ </para>
+ <informalexample>
+ <programlisting>> mvn archetype:generate -Dfilter=org.jboss.ws.plugins.archetypes:</programlisting>
+ </informalexample>
+ <para>The generated project includes:</para>
+ <itemizedlist>
+ <listitem>
+ <para>a sample HelloWorld code-first POJO endpoint</para>
+ </listitem>
+ <listitem>
+ <para>an integration test that gets the WSDL contract for the above service, builds up a client and invokes the endpoint</para>
+ </listitem>
+ <listitem>
+ <para>a pom.xml for creating a war archive; the project has proper WS component dependencies and uses both wsprovide and wsconsume maven plugins for generating the contract for the code-first endpoint and then generating the client stubs for such contract</para>
+ </listitem>
+ <listitem>
+ <para>a plugin for deploying the archive on WildFly.</para>
+ </listitem>
+ </itemizedlist>
+ <para>The project is built and tested by simply running:</para>
+ <informalexample>
+ <programlisting>> mvn wildfly:deploy
+> mvn integration-test</programlisting>
+ </informalexample>
+ <para>The build processes the various plugins and calls into the JBossWS tools to generate all the required classes for building the deployment archive and client. The user can test the sample, have a look at the project structure and then either trash the sample endpoint and testcase and replace them with his own components, or modify them step-by-step to achieve what he needs.</para>
+ </section>
+ <section id="sid-3735860_QuickStart-Appendix">
+
+ <title>Appendix</title>
+ <section id="sid-3735860_QuickStart-Samplewsdlcontract">
- <title>Appendix</title>
- <section id="sid-3735860_QuickStart-Samplewsdlcontract">
-
- <title>Sample wsdl contract</title>
- <informalexample>
- <programlisting>
+ <title>Sample wsdl contract</title>
+ <informalexample>
+ <programlisting>
<definitions
name='ProfileMgmtService'
targetNamespace='http://org.jboss.ws/samples/retail/profile'
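Review bot: The new "Maven archetype quick start" section says the project is built and tested by running "mvn wildfly:deploy" and "mvn integration-test", but never states which WildFly instance the archive is deployed to or that one has to be available first; add that prerequisite before the commands. Wording in the same section: "in few seconds" should be "in a few seconds", "answering to simple questions" should be "answering simple questions", and "his own components ... what he needs" reads better as "their own components ... what they need".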
@@ -603,8 +632,7 @@
</service>
</definitions>
</programlisting>
- </informalexample>
- </section>
+ </informalexample>
</section>
</section>
</chapter>
Modified: stack/cxf/trunk/modules/dist/src/main/doc/chapter-3-JAX_WS_User_Guide.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/chapter-3-JAX_WS_User_Guide.xml 2015-04-22 18:30:24 UTC (rev 19683)
+++ stack/cxf/trunk/modules/dist/src/main/doc/chapter-3-JAX_WS_User_Guide.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -201,7 +201,7 @@
<programlisting>// Generated Service Class
@WebServiceClient(name="StockQuoteService", targetNamespace="http://example.com/stocks", wsdlLocation="http://example.com/stocks.wsdl")
-publicclass StockQuoteService extends javax.xml.ws.Service
+public class StockQuoteService extends javax.xml.ws.Service
{
public StockQuoteService()
{
@@ -311,7 +311,7 @@
<programlisting>@WebServiceClient(name = "TestEndpointService", targetNamespace = "http://org.jboss.ws/wsref",
wsdlLocation = "http://localhost.localdomain:8080/jaxws-samples-webserviceref?wsdl")
-publicclass TestEndpointService extends Service
+public class TestEndpointService extends Service
{
...
@@ -347,7 +347,7 @@
<listitem>
<para>To define a reference whose type is a SEI. In this case, the type element MAY be present with its default value if the type of the reference can be inferred from the annotated field/method declaration, but the value element MUST always be present and refer to a generated service class type (a subtype of javax.xml.ws.Service). The wsdlLocation element, if present, overrides theWSDL location information specified in the WebService annotation of the referenced generated service class.</para>
<informalexample>
- <programlisting>publicclass EJB3Client implements EJB3Remote
+ <programlisting>public class EJB3Client implements EJB3Remote
{
@WebServiceRef
public TestEndpointService service4;
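Review bot: The paragraph directly above the fixed programlisting has the same missing-space defect this commit is cleaning up: "overrides theWSDL location information". Fix it to "the WSDL" in the same pass so the list item is consistent with the corrected "public class" line.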
@@ -494,9 +494,9 @@
<informalexample>
<programlisting>@WebService (name="PingEndpoint")
@SOAPBinding(style = SOAPBinding.Style.RPC)
-publicclass PingEndpointImpl
+public class PingEndpointImpl
{
- privatestatic String feedback;
+ private static String feedback;
@WebMethod
@Oneway
@@ -574,7 +574,7 @@
<informalexample>
<programlisting>@WebService
@HandlerChain(file = "jaxws-server-source-handlers.xml")
-publicclass SOAPEndpointSourceImpl
+public class SOAPEndpointSourceImpl
{
...
}</programlisting>
Modified: stack/cxf/trunk/modules/dist/src/main/doc/chapter-4-JAX_WS_Tools.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/chapter-4-JAX_WS_Tools.xml 2015-04-22 18:30:24 UTC (rev 19683)
+++ stack/cxf/trunk/modules/dist/src/main/doc/chapter-4-JAX_WS_Tools.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -507,6 +507,7 @@
-l, --load-consumer Load the consumer and exit (debug utility)
-e, --extension Enable SOAP 1.2 binding extension
-a, --additionalHeaders Enables processing of implicit SOAP headers
+ -d, --encoding=<charset> The charset encoding to use for generated sources
-n, --nocompile Do not compile generated sources</programlisting>
</informalexample>
<para>
@@ -545,7 +546,9 @@
<title>Maven Plugin</title>
<para>
The wsconsume tools is included in the
- <emphasis role="strong">org.jboss.ws.plugins:maven-jaxws-tools-plugin</emphasis>
+ <emphasis role="strong">org.jboss.ws.plugins:jaxws-tools-</emphasis>
+ <emphasis role="strong">maven-</emphasis>
+ <emphasis role="strong">plugin</emphasis>
plugin. The plugin has two goals for running the tool,
<emphasis role="italics">wsconsume</emphasis>
and
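Review bot: Splitting the coordinates across three emphasis elements ("org.jboss.ws.plugins:jaxws-tools-", "maven-", "plugin") on separate lines risks rendering with whitespace between the parts, which breaks copy and paste of the artifactId. Keep it in a single element, "org.jboss.ws.plugins:jaxws-tools-maven-plugin". The sentence then also reads "...maven-plugin plugin", so the trailing word "plugin" can go. The same split recurs in the later hunks of this file that rename the plugin.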
@@ -708,6 +711,17 @@
</row>
<row>
<entry>
+ <para>encoding</para>
+ </entry>
+ <entry>
+ <para>The charset encoding to use for generated sources.</para>
+ </entry>
+ <entry>
+ <para>${project.build.sourceEncoding}</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
<para>argLine</para>
</entry>
<entry>
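Review bot: The new "encoding" row gives "${project.build.sourceEncoding}" as the default but does not say what happens when that property is not set in the project. State the fallback explicitly (for example, whether the platform default charset is used), because generated sources that depend on the build machine's charset are not reproducible across environments.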
@@ -763,7 +777,9 @@
You can use
<emphasis role="italics">wsconsume</emphasis>
in your own project build simply referencing the
- <emphasis role="italics">maven-jaxws-tools-plugin</emphasis>
+ <emphasis role="italics">jaxws-tools-</emphasis>
+ <emphasis role="italics">maven-</emphasis>
+ <emphasis role="italics">plugin</emphasis>
in the configured plugins in your pom.xml file.
</para>
<para>The following example makes the plugin consume the test.wsdl file and generate SEI and wrappers' java sources. The generated sources are then compiled together with the other project classes.</para>
@@ -773,8 +789,8 @@
<plugins>
<plugin>
<groupId>org.jboss.ws.plugins</groupId>
- <artifactId>maven-jaxws-tools-plugin</artifactId>
- <version>1.1.0.GA</version>
+ <artifactId>jaxws-tools-maven-plugin</artifactId>
+ <version>1.2.0.Beta1</version>
<configuration>
<wsdls>
<wsdl>${basedir}/test.wsdl</wsdl>
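Review bot: The example now pins the build plugin to "1.2.0.Beta1", a pre-release version, and the same value is repeated in the following pom examples. Release documentation that readers copy into their own builds should reference a final plugin version, or use a placeholder and state where the current version is published.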
@@ -799,8 +815,8 @@
<plugins>
<plugin>
<groupId>org.jboss.ws.plugins</groupId>
- <artifactId>maven-jaxws-tools-plugin</artifactId>
- <version>1.1.0.GA</version>
+ <artifactId>jaxws-tools-maven-plugin</artifactId>
+ <version>1.2.0.Beta1</version>
<configuration>
<wsdls>
<wsdl>${basedir}/test.wsdl</wsdl>
@@ -833,8 +849,8 @@
<plugins>
<plugin>
<groupId>org.jboss.ws.plugins</groupId>
- <artifactId>maven-jaxws-tools-plugin</artifactId>
- <version>1.1.0.GA</version>
+ <artifactId>jaxws-tools-maven-plugin</artifactId>
+ <version>1.2.0.Beta1</version>
<configuration>
<wsdls>
<wsdl>${basedir}/test.wsdl</wsdl>
@@ -866,7 +882,7 @@
<dependency>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-client</artifactId>
- <version>4.0.0.GA</version>
+ <version>5.0.0.Beta2</version>
</dependency>
</dependencies></programlisting>
</informalexample>
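Review bot: The dependency example is bumped to "5.0.0.Beta2" while Book_Info.xml in this same commit sets the product number to "5.0.0.Final". Align the example with the release being documented so users following it do not end up with a beta client on the classpath.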
@@ -879,6 +895,15 @@
stack dependency to avoid that.
</para>
</tip>
+ <important>
+ <para>
+ Up to version 1.1.2.Final, the
+ <emphasis role="italics">artifactId</emphasis>
+ of the plugin was
+ <emphasis role="strong">maven-jaxws-tools-plugin</emphasis>
+ .
+ </para>
+ </important>
</section>
</section>
<section id="sid-3866762_wsconsume-AntTask">
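Review bot: The added important note says only what the artifactId was "up to version 1.1.2.Final"; it should also name the new artifactId, jaxws-tools-maven-plugin, and the first version that uses it, so a reader upgrading an existing pom knows exactly what to change. The "." on its own line after the closing emphasis tag will render as "maven-jaxws-tools-plugin ." with a stray space.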
@@ -975,6 +1000,17 @@
</row>
<row>
<entry>
+ <para>encoding</para>
+ </entry>
+ <entry>
+ <para>The charset encoding to use for generated sources</para>
+ </entry>
+ <entry>
+ <para>n/a</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
<para>destdir</para>
</entry>
<entry>
@@ -1175,7 +1211,9 @@
The
<emphasis role="italics">wsprovide</emphasis>
tools is included in the
- <emphasis role="strong">org.jboss.ws.plugins:maven-jaxws-tools-plugin</emphasis>
+ <emphasis role="strong">org.jboss.ws.plugins:jaxws-tools-</emphasis>
+ <emphasis role="strong">maven-</emphasis>
+ <emphasis role="strong">plugin</emphasis>
plugin. The plugin has two goals for running the tool,
<emphasis role="italics">wsprovide</emphasis>
and
@@ -1331,7 +1369,9 @@
You can use
<emphasis role="italics">wsprovide</emphasis>
in your own project build simply referencing the
- <emphasis role="italics">maven-jaxws-tools-plugin</emphasis>
+ <emphasis role="italics">jaxws-tools-</emphasis>
+ <emphasis role="italics">maven-</emphasis>
+ <emphasis role="italics">plugin</emphasis>
in the configured plugins in your
<emphasis role="italics">pom.xml</emphasis>
file.
@@ -1342,8 +1382,8 @@
<plugins>
<plugin>
<groupId>org.jboss.ws.plugins</groupId>
- <artifactId>maven-jaxws-tools-plugin</artifactId>
- <version>1.1.0.GA</version>
+ <artifactId>jaxws-tools-maven-plugin</artifactId>
+ <version>1.2.0.Beta1</version>
<configuration>
<verbose>true</verbose>
<endpointClass>org.jboss.test.ws.plugins.tools.wsprovide.TestEndpoint</endpointClass>
@@ -1366,8 +1406,8 @@
<plugins>
<plugin>
<groupId>org.jboss.ws.plugins</groupId>
- <artifactId>maven-jaxws-tools-plugin</artifactId>
- <version>1.1.0.GA</version>
+ <artifactId>jaxws-tools-maven-plugin</artifactId>
+ <version>1.2.0.Beta1</version>
<configuration>
<verbose>true</verbose>
<endpointClass>org.jboss.test.ws.plugins.tools.wsprovide.TestEndpoint2</endpointClass>
@@ -1398,7 +1438,7 @@
<dependency>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-client</artifactId>
- <version>4.0.0.GA</version>
+ <version>5.0.0.Beta2</version>
</dependency>
</dependencies></programlisting>
</informalexample>
@@ -1411,6 +1451,15 @@
stack dependency to avoid that.
</para>
</tip>
+ <important>
+ <para>
+ Up to version 1.1.2.Final, the
+ <emphasis role="italics">artifactId</emphasis>
+ of the plugin was
+ <emphasis role="strong">maven-jaxws-tools-plugin</emphasis>
+ .
+ </para>
+ </important>
</section>
</section>
<section id="sid-3866758_wsprovide-AntTask">
Modified: stack/cxf/trunk/modules/dist/src/main/doc/chapter-5-Advanced_User_Guide.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/chapter-5-Advanced_User_Guide.xml 2015-04-22 18:30:24 UTC (rev 19683)
+++ stack/cxf/trunk/modules/dist/src/main/doc/chapter-5-Advanced_User_Guide.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -38,7 +38,7 @@
instance being created on the JVM.
</para>
<important>
- <para>On JBoss AS 7, the system property is easily set by adding what follows to the standalone / domain server configuration just after the extensions section:</para>
+ <para>On WildFly, the system property is easily set by adding what follows to the standalone / domain server configuration just after the extensions section:</para>
<informalexample>
<programlisting><system-properties>
<property name="org.apache.cxf.logging.enabled" value="true"/>
@@ -65,7 +65,6 @@
<code>@org.apache.cxf.annotations.Logging</code>
).
</para>
- <para>Finally, the interceptors and feature can also be configured using Spring descriptors when Spring is available for the JBossWS-CXF integration on the application server.</para>
<para>
Please refer to the
<ulink url="http://cxf.apache.org/docs/debugging-and-logging.html#DebuggingandLogging...">Apache CXF documentation</ulink>
@@ -94,7 +93,7 @@
<para>
The configuration options are part of the
<ulink url="https://docs.jboss.org/author/display/AS71/Web+services+configuration">webservices subsystem section</ulink>
- of the JBoss Application Server 7 domain model.
+ of the WildFly domain model.
</para>
<informalexample>
<programlisting>
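Review bot: The text now says "WildFly domain model", but the ulink still points to "https://docs.jboss.org/author/display/AS71/Web+services+configuration", which is the AS 7.1 documentation space. Update the URL to the WildFly documentation for the webservices subsystem, here and in the next hunk where the same link follows "WildFly domain model (webservices subsystem)".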
@@ -219,7 +218,7 @@
<code><config-file></code>
can be used to associate any endpoint provided in the deployment with a given
<link linkend="sid-41713670">endpoint configuration</link>
- . Endpoint configuration are either specified in the referenced config file or in the JBoss AS 7 domain model (webservices subsystem). For further details on the endpoint configurations and their management in the domain model, please see the related
+ . Endpoint configuration are either specified in the referenced config file or in the WildFly domain model (webservices subsystem). For further details on the endpoint configurations and their management in the domain model, please see the related
<ulink url="https://docs.jboss.org/author/display/AS71/Web+services+configuration">documentation</ulink>
.
</para>
@@ -359,50 +358,259 @@
on the wiki and at the examples in the sources.
</para>
</section>
+ <section id="sid-3866738_AdvancedUserGuide-WSDLsystempropertiesexpansion">
+
+ <title>WSDL system properties expansion</title>
+ <para>
+ See
+ <xref linkend="sid-83919125"/>
+ .
+ </para>
+ </section>
<section id="sid-41713670">
<title>Predefined client and endpoint configurations</title>
<section id="sid-41713670_Predefinedclientandendpointconfigurations-Overview">
<title>Overview</title>
- <para>JBossWS enables extra setup configuration data to be predefined and associated with an endpoint. Endpoint configurations can include JAX-WS handlers and key/value properties declarations that control JBossWS and Apache CXF internals. Predefined endpoint configurations can be used for JAX-WS client and JAX-WS endpoint setup.</para>
+ <para>JBossWS permits extra setup configuration data to be predefined and associated with an endpoint or a client. Configurations can include JAX-WS handlers and key/value property declarations that control JBossWS and Apache CXF internals. Predefined configurations can be used for JAX-WS client and JAX-WS endpoint setup.</para>
<para>
- Endpoint configurations can be defined in the webservice subsystem and in a deployment descriptor file within the application. There can be many endpoint configuration definitions in the webservice subsystem and in an application. Each endpoint configuration must have a name that is unique within the server. Configurations defined in an application are local to the application. Endpoint implementations declare the use of a specific configuration through the use of the
+ Configurations can be defined in the webservice subsystem and in an application's deployment descriptor file. There can be many configuration definitions in the webservice subsystem and in an application. Each configuration must have a name that is unique within the server. Configurations defined in an application are local to the application. Endpoint implementations declare the use of a specific configuration through the use of the
<code>org.jboss.ws.api.annotation.EndpointConfig</code>
- annotation. An endpoint configuration defined in the webservices subsystem is available to all deployed applications on the server container and can be referenced by name in the annotation. An endpoint configuration defined in an application must be referenced by deployment descriptor file name and the configuration name in the annotation.
+ annotation. An endpoint configuration defined in the webservices subsystem is available to all deployed applications on the server container and can be referenced by name in the annotation. An endpoint configuration defined in an application must be referenced by both deployment descriptor file name and configuration name by the annotation.
</para>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Handlers">
-
- <title>Handlers</title>
- <para>Each endpoint configuration may be associated with zero or more PRE and POST handler chains. Each handler chain may include JAXWS handlers. For outbound messages the PRE handler chains are executed before any handler that is attached to the endpoint using the standard means, such as with annotation @HandlerChain, and POST handler chains are executed after those objects have executed. For inbound messages the POST handler chains are executed before any handler that is attached to the endpoint using the standard means and the PRE handler chains are executed after those objects have executed.</para>
- <informalexample>
- <programlisting>* Server inbound messages
+ <para>
+ <emphasis role="strong">Handlers</emphasis>
+ </para>
+ <para>Each endpoint configuration may be associated with zero or more PRE and POST handler chains. Each handler chain may include JAXWS handlers. For outbound messages the PRE handler chains are executed before any handler that is attached to the endpoint using the standard means, such as with annotation @HandlerChain, and POST handler chains are executed after those objects have executed. For inbound messages the POST handler chains are executed before any handler that is attached to the endpoint using the standard means and the PRE handler chains are executed after those objects have executed.</para>
+ <informalexample>
+ <programlisting>* Server inbound messages
Client --> ... --> POST HANDLER --> ENDPOINT HANDLERS --> PRE HANDLERS --> Endpoint
* Server outbound messages
Endpoint --> PRE HANDLER --> ENDPOINT HANDLERS --> POST HANDLERS --> ... --> Client</programlisting>
- </informalexample>
- <para>The same applies for client configurations.</para>
- </section>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Properties">
-
- <title>Properties</title>
- <para>Key/value properties are used for controlling both some Apache CXF internals and some JBossWS options. Specific supported values are mentioned where relevant in the rest of the documentation.</para>
- </section>
+ </informalexample>
+ <para>The same applies for client configurations.</para>
+ <para>
+ <emphasis role="strong">Properties</emphasis>
+ </para>
+ <para>Key/value properties are used for controlling both some Apache CXF internals and some JBossWS options. Specific supported values are mentioned where relevant in the rest of the documentation.</para>
</section>
<section id="sid-41713670_Predefinedclientandendpointconfigurations-Assigningconfigurations">
<title>Assigning configurations</title>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Endpointconfigurationassignment">
+ <para>Endpoints and clients are assigned configuration through different means. Users can explicitly require a given configuration or rely on container defaults. The assignment process can be split up as follows:</para>
+ <itemizedlist>
+ <listitem>
+ <para>Explicit assignment through annotations (for endpoints) or API programmatic usage (for clients)</para>
+ </listitem>
+ <listitem>
+ <para>Automatic assignment of configurations from default descriptors</para>
+ </listitem>
+ <listitem>
+ <para>Automatic assignment of configurations from container</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-Explicitconfigurationassignment">
- <title>Endpoint configuration assignment</title>
- <para>
- Annotation
- <code>org.jboss.ws.api.annotation.EndpointConfig</code>
- is used to assign an endpoint configuration to a JAX-WS endpoint implementation. When assigning a configuration that is defined in the webservices subsystem only the configuration name is specified. When assigning a configuration that is defined in the application, the relative path to the deployment descriptor and the configuration name must be specified.
- </para>
- <informalexample>
- <programlisting>@EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
+ <title>Explicit configuration assignment</title>
+ <para>The explicit configuration assignment is meant for developer that know in advance their endpoint or client has to be setup according to a specified configuration. The configuration is either coming from a descriptor that is included in the application deployment, or is included in the application server webservices subsystem management model.</para>
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-ConfigurationDeploymentDescriptor">
+
+ <title>Configuration Deployment Descriptor</title>
+ <para>
+ Java EE archives that can contain JAX-WS client and endpoint implementations can also contain predefined client and endpoint configuration declarations. All endpoint/client configuration definitions for a given archive must be provided in a single deployment descriptor file, which must be an implementation of schema
+ <ulink url="http://anonsvn.jboss.org/repos/jbossws/spi/tags/jbossws-spi-2.1.0.Final/s...">jbossws-jaxws-config</ulink>
+ . Many endpoint/client configurations can be defined in the deployment descriptor file. Each configuration must have a name that is unique within the server on which the application is deployed. The configuration name can't be referred to by endpoint/client implementations outside the application. Here is an example of a descriptor, containing two endpoint configurations:
+ </para>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8"?>
+<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
+ xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
+ <endpoint-config>
+ <config-name>org.jboss.test.ws.jaxws.jbws3282.Endpoint4Impl</config-name>
+ <pre-handler-chains>
+ <javaee:handler-chain>
+ <javaee:handler>
+ <javaee:handler-name>Log Handler</javaee:handler-name>
+ <javaee:handler-class>org.jboss.test.ws.jaxws.jbws3282.LogHandler</javaee:handler-class>
+ </javaee:handler>
+ </javaee:handler-chain>
+ </pre-handler-chains>
+ <post-handler-chains>
+ <javaee:handler-chain>
+ <javaee:handler>
+ <javaee:handler-name>Routing Handler</javaee:handler-name>
+ <javaee:handler-class>org.jboss.test.ws.jaxws.jbws3282.RoutingHandler</javaee:handler-class>
+ </javaee:handler>
+ </javaee:handler-chain>
+ </post-handler-chains>
+ </endpoint-config>
+ <endpoint-config>
+ <config-name>EP6-config</config-name>
+ <post-handler-chains>
+ <javaee:handler-chain>
+ <javaee:handler>
+ <javaee:handler-name>Authorization Handler</javaee:handler-name>
+ <javaee:handler-class>org.jboss.test.ws.jaxws.jbws3282.AuthorizationHandler</javaee:handler-class>
+ </javaee:handler>
+ </javaee:handler-chain>
+ </post-handler-chains>
+ </endpoint-config>
+</jaxws-config>
+</programlisting>
+ </informalexample>
+ <para>Similarly, client configurations can be specified in descriptors (still implementing the schema mentioned above):</para>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8"?>
+<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
+ xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
+ <client-config>
+ <config-name>Custom Client Config</config-name>
+ <pre-handler-chains>
+ <javaee:handler-chain>
+ <javaee:handler>
+ <javaee:handler-name>Routing Handler</javaee:handler-name>
+ <javaee:handler-class>org.jboss.test.ws.jaxws.clientConfig.RoutingHandler</javaee:handler-class>
+ </javaee:handler>
+ <javaee:handler>
+ <javaee:handler-name>Custom Handler</javaee:handler-name>
+ <javaee:handler-class>org.jboss.test.ws.jaxws.clientConfig.CustomHandler</javaee:handler-class>
+ </javaee:handler>
+ </javaee:handler-chain>
+ </pre-handler-chains>
+ </client-config>
+ <client-config>
+ <config-name>Another Client Config</config-name>
+ <post-handler-chains>
+ <javaee:handler-chain>
+ <javaee:handler>
+ <javaee:handler-name>Routing Handler</javaee:handler-name>
+ <javaee:handler-class>org.jboss.test.ws.jaxws.clientConfig.RoutingHandler</javaee:handler-class>
+ </javaee:handler>
+ </javaee:handler-chain>
+ </post-handler-chains>
+ </client-config>
+</jaxws-config>
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-Applicationserverconfigurations">
+
+ <title>Application server configurations</title>
+ <para>
+ WildFly allows declaring JBossWS client and server predefined configurations in the
+ <emphasis role="italics">webservices</emphasis>
+ subsystem section of the server model. As a consequence it is possible to declare server-wide handlers to be added to the chain of each endpoint or client assigned to a given configuration.
+ </para>
+ <para>
+ Please refer to the
+ <ulink url="https://docs.jboss.org/author/display/WFLY9/Web+services+configuration">WildFly documentation</ulink>
+ for details on managing the
+ <emphasis role="italics">webservices</emphasis>
+ subsystem such as adding, removing and modifying handlers and properties.
+ </para>
+ <para>
+ The allowed contents in the
+ <emphasis role="italics">webservices</emphasis>
+ subsystem are defined by the
+ <ulink url="https://github.com/jbossas/jboss-as/blob/7.2.0.Final/build/src/main/resou...">schema</ulink>
+ included in the application server.
+ </para>
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-Standardconfigurations">
+
+ <title>Standard configurations</title>
+ <para>
+ Clients running in-container as well as endpoints are assigned standard configurations by default. The defaults are used unless different configurations are set as described on this page. This enables administrators to tune the default handler chains for client and endpoint configurations. The names of the default client and endpoint configurations, used in the webservices subsystem are
+ <code>Standard-Client-Config</code>
+ and
+ <code>Standard-Endpoint-Config</code>
+ respectively.
+ </para>
+ </section>
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-Handlersclassloading">
+
+ <title>Handlers classloading</title>
+ <para>
+ When setting a server-wide handler, please note the handler class needs to be available through each ws deployment classloader. As a consequence proper module dependencies might need to be specified in the deployments that are going to leverage a given predefined configuration. A shortcut is to add a dependency to the module containing the handler class in one of the modules which are already automatically set as dependencies to any deployment, for instance
+ <code>org.jboss.ws.spi</code>
+ .
+ </para>
+ </section>
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-Examples">
+
+ <title>Examples</title>
+ <example>
+ <title>JBoss AS 7.2 default configurations</title>
+ <programlisting>
+<subsystem xmlns="urn:jboss:domain:webservices:2.0">
+ <!-- ... -->
+ <endpoint-config name="Standard-Endpoint-Config"/>
+ <endpoint-config name="Recording-Endpoint-Config">
+ <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
+ <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
+ </pre-handler-chain>
+ </endpoint-config>
+ <client-config name="Standard-Client-Config"/>
+</subsystem></programlisting>
+ </example>
+ <example>
+ <title>A configuration file for a deployment specific ws-security endpoint setup</title>
+ <programlisting>
+<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
+ <endpoint-config>
+ <config-name>Custom WS-Security Endpoint</config-name>
+ <property>
+ <property-name>ws-security.signature.properties</property-name>
+ <property-value>bob.properties</property-value>
+ </property>
+ <property>
+ <property-name>ws-security.encryption.properties</property-name>
+ <property-value>bob.properties</property-value>
+ </property>
+ <property>
+ <property-name>ws-security.signature.username</property-name>
+ <property-value>bob</property-value>
+ </property>
+ <property>
+ <property-name>ws-security.encryption.username</property-name>
+ <property-value>alice</property-value>
+ </property>
+ <property>
+ <property-name>ws-security.callback-handler</property-name>
+ <property-value>org.jboss.test.ws.jaxws.samples.wsse.policy.basic.KeystorePasswordCallback</property-value>
+ </property>
+ </endpoint-config>
+</jaxws-config></programlisting>
+ </example>
+ <example>
+ <title>JBoss AS 7.2 default configurations modified to default to SOAP messages schema-validation on</title>
+ <programlisting><subsystem xmlns="urn:jboss:domain:webservices:2.0">
+ <!-- ... -->
+ <endpoint-config name="Standard-Endpoint-Config">
+ <property name="schema-validation-enabled" value="true"/>
+ </endpoint-config>
+ <!-- ... -->
+ <client-config name="Standard-Client-Config">
+ <property name="schema-validation-enabled" value="true"/>
+ </client-config>
+</subsystem></programlisting>
+ </example>
+ </section>
+ </section>
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-EndpointConfigannotation">
+
+ <title>EndpointConfig annotation</title>
+ <para>
+ Once a configuration is available to a given application, the
+ <code>org.jboss.ws.api.annotation.EndpointConfig</code>
+ annotation is used to assign an endpoint configuration to a JAX-WS endpoint implementation. When assigning a configuration that is defined in the webservices subsystem only the configuration name is specified. When assigning a configuration that is defined in the application, the relative path to the deployment descriptor and the configuration name must be specified.
+ </para>
+ <informalexample>
+ <programlisting>@EndpointConfig(configFile = "WEB-INF/my-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
public class ServiceImpl implements ServiceIface
{
public String sayHello()
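Review bot: In the new "Handlers classloading" section, the suggested shortcut of adding the handler module as a dependency of org.jboss.ws.spi is a change to a server-provided module that reaches every deployment, not only those assigned the configuration; the paragraph should say so and present per-deployment module dependencies as the normal route. In the "Examples" section the titles still read "JBoss AS 7.2 default configurations" although the subsystem namespace is now urn:jboss:domain:webservices:2.0 and the text above speaks of WildFly, and the schema link still targets the jboss-as 7.2.0.Final tree. The ws-security example names a callback handler from the org.jboss.test package; a sentence telling readers to substitute their own class would help. Wording: "meant for developer that know" should be "meant for developers who know".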
@@ -410,21 +618,8 @@
return "Secure Hello World!";
}
}</programlisting>
- </informalexample>
- </section>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-EndpointConfigurationDeploymentDescriptor">
-
- <title>Endpoint Configuration Deployment Descriptor</title>
- <para>
- Java EE archives that can contain JAX-WS endpoint implementations can also contain predefined endpoint configurations. All endpoint configuration definitions for a given archive must be provided in a single deployment descriptor file. The file must reside in directory WEB-INF for a web application and directory META-INF for a client and EJB application. The file name must end with extension .xml and be an implementation of schema
- <ulink url="http://anonsvn.jboss.org/repos/jbossws/spi/tags/jbossws-spi-2.1.0.Beta1/s...">jbossws-jaxws-config</ulink>
- . Common practice is to use the file name jaxws-endpoint-config.xml but this is not required.
- </para>
- <para>Many endpoint configurations can be defined within the deployment descriptor file. Each configuration must have a name that is unique within the server on which the application is deployed. The configuration name is not referencable by endpoint implementations outside the application.</para>
- </section>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Clientconfigurationassignment">
-
- <title>Client configuration assignment</title>
+ </informalexample>
+ </section>
<section id="sid-41713670_Predefinedclientandendpointconfigurations-JAXWSFeature">
<title>JAXWS Feature</title>
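Review bot: The removed "Endpoint Configuration Deployment Descriptor" paragraph carried the rule that the descriptor must reside in WEB-INF for a web application and in META-INF for a client or EJB application, and that its name must end in .xml; the replacement "Configuration Deployment Descriptor" section added earlier in this patch does not restate it. Since the examples still pass paths such as "WEB-INF/my-endpoint-config.xml", keep one sentence on where the file may live and what the path is relative to.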
@@ -442,12 +637,12 @@
...
Service service = Service.create(wsdlURL, serviceName);
-Endpoint port = service.getPort(Endpoint.class, new ClientConfigFeature("META-INF/jaxws-client-config.xml", "Custom Client Config"));
+Endpoint port = service.getPort(Endpoint.class, new ClientConfigFeature("META-INF/my-client-config.xml", "Custom Client Config"));
port.echo("Kermit");
... or ....
-port = service.getPort(Endpoint.class, new ClientConfigFeature("META-INF/jaxws-client-config.xml", "Custom Client Config"), true); //setup properties too from the configuration
+port = service.getPort(Endpoint.class, new ClientConfigFeature("META-INF/my-client-config.xml", "Custom Client Config"), true); //setup properties too from the configuration
port.echo("Kermit");
... or ...
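Review bot: In the second changed getPort call (the one commented "setup properties too from the configuration"), the true argument sits outside the ClientConfigFeature(...) parentheses, so it is passed to getPort rather than to the feature and does not match what the comment describes. Since the line is being edited anyway, move the flag inside the constructor call.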
@@ -463,9 +658,9 @@
artifact.
</para>
</section>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Explicitsetup">
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-ExplicitsetupthroughAPI">
- <title>Explicit setup</title>
+ <title>Explicit setup through API</title>
<para>Alternatively, JBossWS API comes with facility classes that can be used for assigning configurations when building a client. JAXWS handlers read from client configurations as follows:</para>
<informalexample>
<programlisting>import org.jboss.ws.api.configuration.ClientConfigUtil;
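Review bot: Renaming the section id from ...-Explicitsetup to ...-ExplicitsetupthroughAPI invalidates any xref, linkend or external link that targets the old anchor. Please check the other chapter files for references, or keep the old id and change only the title.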
@@ -476,18 +671,18 @@
Service service = Service.create(wsdlURL, serviceName);
Endpoint port = service.getPort(Endpoint.class);
BindingProvider bp = (BindingProvider)port;
-ClientConfigUtil.setConfigHandlers(bp, "META-INF/jaxws-client-config.xml", "Custom Client Config 1");
+ClientConfigUtil.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 1");
port.echo("Kermit");
...
ClientConfigurer configurer = ClientConfigUtil.resolveClientConfigurer();
-configurer.setConfigHandlers(bp, "META-INF/jaxws-client-config.xml", "Custom Client Config 2");
+configurer.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 2");
port.echo("Kermit");
...
-configurer.setConfigHandlers(bp, "META-INF/jaxws-client-config.xml", "Custom Client Config 3");
+configurer.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 3");
port.echo("Kermit");
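Review bot: These calls request "Custom Client Config 1", "Custom Client Config 2" and "Custom Client Config 3" from META-INF/my-client-config.xml, but the sample client descriptor added earlier in this patch defines only "Custom Client Config" and "Another Client Config"; align the names so the snippets can be followed end to end. It would also help to say near these examples why the file is no longer called jaxws-client-config.xml, given that this name is now documented as the automatically discovered default.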
@@ -507,18 +702,18 @@
Service service = Service.create(wsdlURL, serviceName);
Endpoint port = service.getPort(Endpoint.class);
-ClientConfigUtil.setConfigProperties(port, "META-INF/jaxws-client-config.xml", "Custom Client Config 1");
+ClientConfigUtil.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 1");
port.echo("Kermit");
...
ClientConfigurer configurer = ClientConfigUtil.resolveClientConfigurer();
-configurer.setConfigProperties(port, "META-INF/jaxws-client-config.xml", "Custom Client Config 2");
+configurer.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 2");
port.echo("Kermit");
...
-configurer.setConfigProperties(port, "META-INF/jaxws-client-config.xml", "Custom Client Config 3");
+configurer.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 3");
port.echo("Kermit");
@@ -539,111 +734,69 @@
</para>
</section>
</section>
- </section>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Applicationserverconfigurations">
-
- <title>Application server configurations</title>
- <para>
- JBoss Application Server 7.x allows declaring JBossWS client and server predefined configurations in the
- <emphasis role="italics">webservices</emphasis>
- subsystem section of the server model. As a consequence it is possible to declare server-wide handlers to be added to the chain of each endpoint or client assigned to a given configuration.
- </para>
- <para>
- Please refer to the
- <ulink url="https://docs.jboss.org/author/display/AS71/Web+services+configuration">JBoss Application Server 7 documentation</ulink>
- for any detail on managing the
- <emphasis role="italics">webservices</emphasis>
- subsystem to add, remove or modify handlers and properties.
- </para>
- <para>
- The allowed contents in the
- <emphasis role="italics">webservices</emphasis>
- subsystem are defined by the
- <ulink url="https://github.com/jbossas/jboss-as/blob/master/build/src/main/resources/...">schema</ulink>
- included in the application server.
- </para>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Standardconfigurations">
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-Automaticconfigurationfromdefaultdescriptors">
- <title>Standard configurations</title>
+ <title>Automatic configuration from default descriptors</title>
<para>
- Clients running in-container as well as endpoints are assigned standard configurations by default. Those are used unless different configurations are set as previously described. This way administrators can tune default handler chains for client and endpoints developers did not assign a specific configuration to. The name for such default configuration, to be used in the JBoss AS 7 webservices subsystem are
- <code>Standard-Client-Config</code>
- and
- <code>Standard-Endpoint-Config</code>
- .
+ In some cases, the application developer might not be aware of the configuration that will need to be used for its client and endpoint implementation, perhaps because that's a concern of the application deployer. In other cases, explicit usage (compile time dependency) of JBossWS API might not be accepted. To cope with such scenarios, JBossWS allows including default client (
+ <code>jaxws-client-config.xml</code>
+ ) and endpoint (
+ <code>jaxws-endpoint-config.xml</code>
+ ) descriptor within the application (in its root), which are parsed for getting configurations any time a configuration file name is not specified.
</para>
+ <para>If the configuration name is also not specified, JBossWS automatically looks for a configuration named the same as</para>
+ <itemizedlist>
+ <listitem>
+ <para>the endpoint implementation class (full qualified name), in case of JAX-WS endpoints;</para>
+ </listitem>
+ <listitem>
+ <para>the service endpoint interface (full qualified name), in case of JAX-WS clients.</para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ No automatic configuration name is selected for
+ <code>Dispatch</code>
+ clients.
+ </para>
+ <para>
+ So, for instance, an endpoint implementation class
+ <code>org.foo.bar.EndpointImpl</code>
+ for which no pre-defined configuration is explicitly set will cause JBossWS to look for a
+ <emphasis role="italics">org.foo.bar.EndpointImpl</emphasis>
+ named configuration within a
+ <emphasis role="italics">jaxws-endpoint-config.xml</emphasis>
+ descriptor in the root of the application deployment. Similarly, on client side, a client proxy implementing
+ <code>org.foo.bar.Endpoint</code>
+ interface (SEI) will have the setup read from a
+ <emphasis role="italics">org.foo.bar.Endpoint</emphasis>
+ named configuration in
+ <emphasis role="italics">jaxws-client-config.xml</emphasis>
+ descriptor.
+ </para>
</section>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Handlersclassloading">
+ <section id="sid-41713670_Predefinedclientandendpointconfigurations-Automaticconfigurationassignmentfromcontainersetup">
- <title>Handlers classloading</title>
+ <title>Automatic configuration assignment from container setup</title>
+ <para>JBossWS fall-backs to getting predefined configurations from the container setup whenever no explicit configuration has been provided and the default descriptors are either not available or do not contain relevant configurations. This gives additional control on the JAX-WS client and endpoint setup to administrators, as the container setup can be managed independently from the deployed applications.</para>
+ <para>JBossWS hence accesses the webservices subsystem the same as explained above for explicitly named configuration; the default configuration names used for look are</para>
+ <itemizedlist>
+ <listitem>
+ <para>the endpoint implementation class (full qualified name), in case of JAX-WS endpoints;</para>
+ </listitem>
+ <listitem>
+ <para>the service endpoint interface (full qualified name), in case of JAX-WS clients.</para>
+ </listitem>
+ </itemizedlist>
<para>
- When setting a server-wide handler, please note the handler class needs to be available either through each ws deployment classloader or the
- <code>org.jboss.as.webservices.server.integration:main</code>
- module classloader. As a consequence proper module dependencies might need to be specified either in the deployments that are going to leverage a given predefined configuration or directly in the previously mentioned AS7 module.
+ <code>Dispatch</code>
+ clients are not automatically configured. If no configuration is found using names computed as above, the
+ <code>Standard-Client-Config</code>
+ and
+ <code>Standard-Endpoint-Config</code>
+ configurations are used for clients and endpoints respectively
</para>
</section>
</section>
- <section id="sid-41713670_Predefinedclientandendpointconfigurations-Examples">
-
- <title>Examples</title>
- <example>
- <title>JBoss AS 7.2 default configurations</title>
- <programlisting>
-<subsystem xmlns="urn:jboss:domain:webservices:1.2">
- <!-- ... -->
- <endpoint-config name="Standard-Endpoint-Config"/>
- <endpoint-config name="Recording-Endpoint-Config">
- <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
- <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
- </pre-handler-chain>
- </endpoint-config>
- <client-config name="Standard-Client-Config"/>
-</subsystem></programlisting>
- </example>
- <example>
- <title>A configuration file for a deployment specific ws-security endpoint setup</title>
- <programlisting>
-<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
- <endpoint-config>
- <config-name>Custom WS-Security Endpoint</config-name>
- <property>
- <property-name>ws-security.signature.properties</property-name>
- <property-value>bob.properties</property-value>
- </property>
- <property>
- <property-name>ws-security.encryption.properties</property-name>
- <property-value>bob.properties</property-value>
- </property>
- <property>
- <property-name>ws-security.signature.username</property-name>
- <property-value>bob</property-value>
- </property>
- <property>
- <property-name>ws-security.encryption.username</property-name>
- <property-value>alice</property-value>
- </property>
- <property>
- <property-name>ws-security.callback-handler</property-name>
- <property-value>org.jboss.test.ws.jaxws.samples.wsse.policy.basic.KeystorePasswordCallback</property-value>
- </property>
- </endpoint-config>
-</jaxws-config></programlisting>
- </example>
- <example>
- <title>JBoss AS 7.2 default configurations modified to default to SOAP messages schema-validation on</title>
- <programlisting><subsystem xmlns="urn:jboss:domain:webservices:1.2">
- <!-- ... -->
- <endpoint-config name="Standard-Endpoint-Config">
- <property name="schema-validation-enabled" value="true"/>
- </endpoint-config>
- <!-- ... -->
- <client-config name="Standard-Client-Config">
- <property name="schema-validation-enabled" value="true"/>
- </client-config>
-</subsystem></programlisting>
- </example>
- </section>
</section>
<section id="sid-3866749">
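Review bot: The two new "Automatic configuration" sections describe a fallback chain (explicit assignment, then the default jaxws-client-config.xml and jaxws-endpoint-config.xml descriptors, then container configurations named after the class, then Standard-Client-Config and Standard-Endpoint-Config) without ever stating it as one ordered list. Because the text says the container setup is consulted only when the default descriptors are unavailable or contain no relevant configuration, a descriptor bundled with the application takes precedence over what an administrator defines in the webservices subsystem; that deserves an explicit sentence, since the same paragraph presents the container setup as giving administrators additional control. Please also clarify what "in its root" means for a war versus a jar, and fix "fall-backs to" (falls back to), "used for look are" (used for lookup are), "full qualified" (fully qualified) and the missing full stop after "respectively".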
@@ -702,7 +855,7 @@
</jboss-web>
</programlisting>
</informalexample>
- <para>The security domain as well as its the authentication and authorization mechanisms are defined differently depending on the JBoss Application Server in use.</para>
+ <para>The security domain as well as its the authentication and authorization mechanisms are defined differently depending on the server in use.</para>
</section>
<section id="sid-3866749_Authentication-UseBindingProvidertosetprincipal%2Fcredential">
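Review bot: The replacement line keeps the typo "as well as its the authentication and authorization mechanisms"; drop "the" while the sentence is being edited. "depending on the server in use" is also vaguer than the wording it replaces; if WildFly is meant, name it as the other hunks do.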
@@ -776,7 +929,7 @@
<important>
<para>
For further information on configuring security domains in WildFly, please refer to
- <ulink url="https://docs.jboss.org/author/display/WFLY8/Security+subsystem+configuration">here</ulink>
+ <ulink url="https://docs.jboss.org/author/display/WFLY9/Security+subsystem+configuration">here</ulink>
.
</para>
</important>
@@ -876,7 +1029,7 @@
<title>JBossWS integration layer with Apache CXF</title>
<para>
- All JAX-WS functionalities provided by JBossWS on top of JBoss Application Server are currently served through a proper integration of the JBoss Web Services stack with most of the
+ All JAX-WS functionalities provided by JBossWS on top of WildFly are currently served through a proper integration of the JBoss Web Services stack with most of the
<ulink url="http://cxf.apache.org/">Apache CXF</ulink>
project modules.
</para>
@@ -888,10 +1041,10 @@
</para>
<itemizedlist>
<listitem>
- <para>allowing using standard webservices APIs (including JAX-WS) on JBoss Application Server; this is performed internally leveraging Apache CXF without requiring the user to deal with it;</para>
+ <para>allowing using standard webservices APIs (including JAX-WS) on WildFly; this is performed internally leveraging Apache CXF without requiring the user to deal with it;</para>
</listitem>
<listitem>
- <para>allowing using Apache CXF advanced features (including WS-*) on top of JBoss Application server without requiring the user to deal with / setup / care about the required integration steps for running in such a container.</para>
+ <para>allowing using Apache CXF advanced features (including WS-*) on top of WildFly without requiring the user to deal with / setup / care about the required integration steps for running in such a container.</para>
</listitem>
</itemizedlist>
<para>In order for achieving the goals above, the JBossWS-CXF integration supports the JBoss ws endpoint deployment mechanism and comes with many internal customizations on top of Apache CXF.</para>
@@ -911,17 +1064,17 @@
<code>cxf.xml</code>
descriptors; those may contain any basic bean plus specific ws client and endpoint beans which CXF has custom parsers for. Apache CXF can be used to deploy webservice endpoints on any servlet container by including its libraries in the deployment; in such a scenario Spring basically serves as a convenient configuration option, given direct Apache CXF API usage won't be very handy. Similar reasoning applies on client side, where a Spring based descriptor offers a shortcut for setting up Apache CXF internals.
</para>
- <para>This said, nowadays almost any Apache CXF functionality can be configured and used through direct API usage, without Spring.</para>
+ <para>This said, nowadays almost any Apache CXF functionality can be configured and used through direct API usage, without Spring. As a consequence of that and given the considerations in the sections below, the JBossWS integration with Apache CXF does not rely on Spring descriptors.</para>
<section id="sid-3866786_ApacheCXFintegration-Portableapplications">
<title>Portable applications</title>
- <para>The JBoss Application Server is much more then a servlet container; it actually provides users with a fully compliant target platform for Java EE applications.</para>
+ <para>WildFly is much more then a servlet container; it actually provides users with a fully compliant target platform for Java EE applications.</para>
<para>
Generally speaking,
<emphasis role="italics">users are encouraged to write portable applications</emphasis>
by relying only on
<emphasis role="italics">JAX-WS specification</emphasis>
- whenever possible. That would by the way ensure easy migrations to and from other compliant platforms. Being a Java EE container, JBoss Application Server already comes with a JAX-WS compliant implementation, which is basically Apache CXF plus the JBossWS-CXF integration layer. So users just need to write their JAX-WS application;
+ whenever possible. That would by the way ensure easy migrations to and from other compliant platforms. Being a Java EE container, WildFlt already comes with a JAX-WS compliant implementation, which is basically Apache CXF plus the JBossWS-CXF integration layer. So users just need to write their JAX-WS application;
<emphasis role="italics">no need for embedding any Apache CXF or any ws related dependency library in user deployments</emphasis>
. Please refer to the
<xref linkend="sid-3866716"/>
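Review bot: The added line introduces a typo, "WildFlt already comes with", which should read "WildFly". In the other changed line of this hunk, "much more then a servlet container" should be "much more than a servlet container".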
@@ -937,9 +1090,6 @@
<emphasis role="italics">without Spring descriptors</emphasis>
.
</para>
- <para>
- <emphasis role="strong">The following two paragraphs provide few directions on how to deploy or use applications explicitly relying on Apache CXF, users should however prefer the portable application approach whenever possible.</emphasis>
- </para>
</section>
<section id="sid-3866786_ApacheCXFintegration-DirectApacheCXFAPIusage">
@@ -948,177 +1098,15 @@
<para>
On server side, direct Apache CXF API usage might not be always possible or end up being not very easy. For this reason, the JBossWS integration comes with a convenient alternative through customization options in the
<code>jboss-webservices.xml</code>
- descriptor described below on this page.
+ descriptor described below on this page. Properties can be declared in
+ <code>jboss-webservices.xml</code>
+ to control Apache CXF internals like
+ <emphasis role="italics">interceptors</emphasis>
+ ,
+ <emphasis role="italics">features</emphasis>
+ , etc.
</para>
</section>
- <section id="sid-3866786_ApacheCXFintegration-Springdescriptorsusage">
-
- <title>Spring descriptors usage</title>
- <para>
- Finally, in some cases, users might still want to consume Spring descriptors (
- <emphasis role="strong">discouraged approach</emphasis>
- ); that's possibly the case of applications developed on and being migrated from different environments. For such scenarios, the installation of Spring Framework libraries on application server is the suggested approach. That can be performed using the JBossWS-CXF installation script or by manually populating a
- <emphasis role="italics">org.springframework.spring</emphasis>
- JBoss AS module with the required Spring jars. For writing the
- <code>module.xml</code>
- descriptor for such a module please refer the relevant JBoss AS documentation on creating modules; in any case it would look similar to:
- </para>
- <informalexample>
- <programlisting><module xmlns="urn:jboss:module:1.1" name="org.springframework.spring">
- <resources>
- <!-- List references to jar resources here -->
- </resources>
- <dependencies>
- <module name="javax.api" />
- <module name="javax.jms.api" />
- <module name="javax.annotation.api" />
- <module name="org.apache.commons.logging" />
- <module name="org.jboss.vfs" />
- </dependencies>
-</module></programlisting>
- </informalexample>
- <para>
- The other webservices modules on JBoss AS already have an optional dependency on
- <emphasis role="italics">org.springframework.spring</emphasis>
- module and will hence automatically consume it.
- </para>
- <para>Once the Spring module is available on target application server, Spring based Apache CXF buses can be built up.</para>
- <section id="sid-3866786_ApacheCXFintegration-Clientside">
-
- <title>Client side</title>
- <para>
- Whenever Spring is available in the current thread classloader (possibly as a consequence of having set a dependency to the above mentioned
- <code>org.springframework.spring</code>
- module) and the classloader can successfully locate a valid Spring descriptor resource, a Spring based
- <code>Bus</code>
- will be created if required. So user can either:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- programmatically use a
- <code>SpringBusFactory</code>
- (or the
- <code>JBossWSBusFactory</code>
- if the JBossWS additions are available) to load a Spring Bus from a given
- <emphasis role="italics">cxf.xml</emphasis>
- descriptor; that can include any CXF customization or client bean;
- </para>
- </listitem>
- <listitem>
- <para>
- build a JAX-WS client and let the JAX-WS Provider implementation internally build a Spring based
- <code>Bus</code>
- using the available
- <emphasis role="italics">cxf.xml</emphasis>
- resource retrieved from the current classloader (usually found in
- <emphasis role="italics">META-INF/cxf.xml</emphasis>
- ).
- </para>
- </listitem>
- </itemizedlist>
- <para>
- Consider having a look at
- <link linkend="sid-4784150">this page</link>
- for directions on setting module dependencies, especially if willing to create a ws client within a Spring Bus and running in-container.
- </para>
- <para>
- Finally please be sure to check the section below on
- <code>Bus</code>
- usage any time you're building a
- <code>Bus</code>
- on client side.
- </para>
- </section>
- <section id="sid-3866786_ApacheCXFintegration-Serverside">
-
- <title>Server side</title>
- <para>It is possible to customize the JBossWS integration with Apache CXF by incorporating a CXF configuration file into the endpoint deployment archive. The convention is the following:</para>
- <itemizedlist>
- <listitem>
- <para>
- the descriptor file name must be
- <emphasis role="strong">jbossws-cxf.xml</emphasis>
- </para>
- </listitem>
- <listitem>
- <para>
- for POJO deployments it is located in
- <emphasis role="strong">WEB-INF</emphasis>
- directory
- </para>
- </listitem>
- <listitem>
- <para>
- for EJB3 deployments it is located in
- <emphasis role="strong">META-INF</emphasis>
- directory
- </para>
- </listitem>
- </itemizedlist>
- <para>
- The
- <emphasis role="italics">jbossws-cxf.xml</emphasis>
- is parsed similarly to a common
- <emphasis role="italics">cxf.xml</emphasis>
- in order for building up a
- <code>Bus</code>
- for the WS deployment; the endpoint beans included in the deployment are to be specified using the
- <code><jaxws:endpoint></code>
- tag the same they would be specified in a
- <emphasis role="italics">cxf.xml</emphasis>
- descriptor (a example from the testsuite can be seen
- <ulink url="http://anonsvn.jboss.org/repos/jbossws/stack/cxf/tags/jbossws-cxf-4.1.3.F...">here</ulink>
- ). The application server HTTP engine will be serving the endpoints.
- </para>
- <para>
- If there is no
- <code><jaxws:endpoint></code>
- defined in
- <emphasis role="italics">jbossws-cxf.xml</emphasis>
- , the endpoint classes mentioned in
- <emphasis role="italics">WEB-INF/web.xml</emphasis>
- will be automatically transformed to
- <code><jaxws:endpoint></code>
- entries in the Spring configuration and loaded by JBossWS-CXF. This allows using the jbossws-cxf.xml to customize the bus without having to manually duplicate the endpoint information in the descriptor. The following is an example of configuring an endpoint through
- <emphasis role="italics">web.xml</emphasis>
- with Aegis databinding setup from
- <emphasis role="italics">jbossws-cxf.xml</emphasis>
- :
- </para>
- <informalexample>
- <programlisting><?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
- <servlet>
- <servlet-name>AegisGroupQueryService</servlet-name>
- <servlet-class>org.jboss.test.ws.jaxws.cxf.aegis.AegisGroupQueryImpl</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>AegisGroupQueryService</servlet-name>
- <url-pattern>/*</url-pattern>
- </servlet-mapping>
-</web-app></programlisting>
- </informalexample>
- <informalexample>
- <programlisting><beans xmlns='http://www.springframework.org/schema/beans'
- xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:beans='http://www.springframework.org/schema/beans'
- xmlns:jaxws='http://cxf.apache.org/jaxws'
- xsi:schemaLocation='http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.w3.org/2006/07/ws-policy http://www.w3.org/2006/07/ws-policy.xsd
- http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd'>
- <bean id="aegisBean" class="org.apache.cxf.aegis.databinding.AegisDatabinding" scope="prototype" />
- <bean name="{http://aegis.cxf.jaxws.ws.test.jboss.org/}AegisGroupQueryImplPort.jaxws-endpoint" abstract="true">
- <property name="dataBinding" ref="aegisBean" />
- </bean>
-</beans> </programlisting>
- </informalexample>
- <para>
- The
- <emphasis role="italics">jbossws-cxf.xml</emphasis>
- approach can be used for the very few scenarios Apache CXF can be configured for only using Spring descriptor, e.g. for some advanced WS-RM customizations.
- </para>
- </section>
- </section>
</section>
<section id="sid-3866786_ApacheCXFintegration-Bususage">
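Review bot: the removal of the "Server side" section drops the jbossws-cxf.xml convention (WEB-INF for POJO deployments, META-INF for EJB3) without saying what happens to a deployment that still ships that descriptor. Suggest adding one migration sentence that states whether the file is now ignored or rejected, and that points to the cxf.* properties in jboss-webservices.xml as the replacement. Otherwise a Bus customization such as the Aegis databinding setup in the removed example can stop being applied after an upgrade with nothing in the documentation to explain why.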
@@ -1150,9 +1138,7 @@
<code>BusFactory</code>
,
<code>org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory</code>
- , that allows for automatic detection of
- <emphasis role="italics">Spring</emphasis>
- availability as well as seamless setup of JBossWS customizations on top of Apache CXF. So, assuming the JBossWS-CXF libraries are available in the current thread context classloader, the
+ , that allows for seamless setup of JBossWS customizations on top of Apache CXF. So, assuming the JBossWS-CXF libraries are available in the current thread context classloader, the
<code>JBossWSBusFactory</code>
is
<emphasis role="italics">automatically</emphasis>
@@ -1161,9 +1147,7 @@
call above.
</para>
<para>
- JBossWS users willing to explicitely use functionalities of
- <code>org.apache.cxf.bus.spring.SpringBusFactory</code>
- or
+ JBossWS users willing to explicitly use functionalities of
<code>org.apache.cxf.bus.CXFBusFactory</code>
<emphasis role="italics">,</emphasis>
get the same API with JBossWS additions through
@@ -1171,10 +1155,6 @@
:
</para>
<informalexample>
- <programlisting>String myConfigFile = ...
-Bus bus = new JBossWSBusFactory().createBus(myConfigFile);</programlisting>
- </informalexample>
- <informalexample>
<programlisting>Map<Class, Object> myExtensions = new HashMap<Class, Object>();
myExtensions.put(...);
Bus bus = new JBossWSBusFactory().createBus(myExtensions);</programlisting>
@@ -1216,7 +1196,7 @@
<emphasis role="italics">getThreadDefaultBus(true)</emphasis>
first fallback to retrieving the configured global default bus before actually trying creating a new instance (and the created new instance is set as global default bus if that was not set there yet).
</para>
- <para>The drawback of this mechanism (which is basically fine in JSE environment) is that when running in a JBoss AS container you need to be careful in order not to (mis)use a bus over multiple applications (assuming the Apache CXF classes are loaded by the same classloader, which is currently the case with JBoss AS6, JBoss AS7 and WildFly).</para>
+ <para>The drawback of this mechanism (which is basically fine in JSE environment) is that when running in WildFly container you need to be careful in order not to (mis)use a bus over multiple applications (assuming the Apache CXF classes are loaded by the same classloader, which is currently the case with WildFly).</para>
<para>Here is a list of general suggestions to avoid problems when running in-container:</para>
<itemizedlist>
<listitem>
@@ -1299,7 +1279,7 @@
<section id="sid-3866786_ApacheCXFintegration-Threadcontextclassloaderbusstrategy%28TCCLBUS%29">
<title>Thread context classloader bus strategy (TCCL_BUS)</title>
- <para>The last strategy is to have the bus created for serving the client be associated to the current thread context classloader (TCCL). That basically means the same Bus instance is shared by JAXWS clients running when the same TCCL is set. This is particularly interesting as each web application deployment usually has its own context classloader, so this strategy is possibly a way to keep the number of created Bus instances bound to the application number in a JBoss AS container.</para>
+ <para>The last strategy is to have the bus created for serving the client be associated to the current thread context classloader (TCCL). That basically means the same Bus instance is shared by JAXWS clients running when the same TCCL is set. This is particularly interesting as each web application deployment usually has its own context classloader, so this strategy is possibly a way to keep the number of created Bus instances bound to the application number in a WildFly container.</para>
<para>If there's a bus already associated to the current thread before the JAXWS client creation, that is automatically restored when returning control to the user; in other words, the bus corresponding to the current thread context classloader will be used only for the created JAXWS client but won't stay associated to the current thread at the end of the process. If the thread was not associated to any bus before the client creation, a new bus will be created (and later user for any other client built with this strategy and the same TCCL in place); no bus will be associated to the thread at the end of the client creation.</para>
</section>
<section id="sid-3866786_ApacheCXFintegration-Strategyconfiguration">
@@ -1439,7 +1419,7 @@
...
</webservices></programlisting>
</informalexample>
- <para>JBossWS-CXF integration comes with a set of allowed property names to control Apache CXF internals. The main advantage of the property based approach is that it does not require Spring libraries.</para>
+ <para>JBossWS-CXF integration comes with a set of allowed property names to control Apache CXF internals.</para>
<section id="sid-3866786_ApacheCXFintegration-WorkQueueconfiguration">
<title>WorkQueue configuration</title>
@@ -1449,9 +1429,7 @@
is installed in the Bus as an extension and allows for adding / removing queues as well as controlling the existing ones.
</para>
<para>
- On server side, queues can be provided through
- <emphasis role="italics">Spring</emphasis>
- based Bus declaration or by using the
+ On server side, queues can be provided by using the
<code>cxf.queue.<queue-name>.*</code>
properties in
<code>jboss-webservices.xml</code>
@@ -1553,7 +1531,7 @@
<title>MBean management</title>
<para>
- Apache CXF allows managing its MBean objects that are installed into the JBoss AS MBean server. The feature is enabled on a deployment basis through the
+ Apache CXF allows managing its MBean objects that are installed into the WildFly MBean server. The feature is enabled on a deployment basis through the
<code>cxf.management.enabled</code>
property in
<code>jboss-webservices.xml</code>
@@ -1585,6 +1563,62 @@
.
</para>
</section>
+ <section id="sid-3866786_ApacheCXFintegration-Interceptors">
+
+ <title>Interceptors</title>
+ <para>
+ The
+ <code>jboss-webservices.xml</code>
+ descriptor also allows specifying the
+ <code>cxf.interceptors.in</code>
+ and
+ <code>cxf.interceptors.out</code>
+ properties; those allows declaring interceptors to be attached to the Bus instance that's created for serving the deployment.
+ </para>
+ <informalexample>
+ <programlisting><?xml version="1.1" encoding="UTF-8"?>
+<webservices
+ xmlns="http://www.jboss.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ version="1.2"
+ xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee">
+
+ <property>
+ <name>cxf.interceptors.in</name>
+ <value>org.jboss.test.ws.jaxws.cxf.interceptors.BusInterceptor</value>
+ </property>
+ <property>
+ <name>cxf.interceptors.out</name>
+ <value>org.jboss.test.ws.jaxws.cxf.interceptors.BusCounterInterceptor</value>
+ </property>
+</webservices></programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-3866786_ApacheCXFintegration-Features">
+
+ <title>Features</title>
+ <para>
+ The
+ <code>jboss-webservices.xml</code>
+ descriptor also allows specifying the
+ <code>cxf.features</code>
+ property; that allows declaring features to be attached to any endpoint belonging to the Bus instance that's created for serving the deployment.
+ </para>
+ <informalexample>
+ <programlisting><?xml version="1.1" encoding="UTF-8"?>
+<webservices
+ xmlns="http://www.jboss.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ version="1.2"
+ xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee">
+
+ <property>
+ <name>cxf.features</name>
+ <value>org.apache.cxf.feature.FastInfosetFeature</value>
+ </property>
+</webservices></programlisting>
+ </informalexample>
+ </section>
<section id="sid-3866786_ApacheCXFintegration-WSDiscoveryenablement">
<title>Discovery enablement</title>
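Review bot: in both added jboss-webservices.xml listings, xsi:schemaLocation carries a single URI ("http://www.jboss.com/xml/ns/javaee"), but the attribute is a list of namespace and location pairs, so a validating parser gets no schema to resolve. Either add the schema location after the namespace or drop the attribute from the examples. Two smaller points: the Interceptors paragraph reads "those allows" (should be "those allow"), and neither new section says whether several class names may be given in one value, while the predefined-configuration sections added later in this patch describe a list of class names and show a comma-separated value. The listings also declare XML version "1.1" where the jaxws-config listings in this patch use "1.0"; pick one.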
@@ -1598,10 +1632,350 @@
</section>
</section>
</section>
+ <section id="sid-3866786_ApacheCXFintegration-ApacheCXFinterceptors">
+
+ <title>Apache CXF interceptors</title>
+ <para>Apache CXF supports declaring interceptors using one of the following approaches:</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Annotation usage on endpoint classes (
+ <code>@org.apache.cxf.interceptor.InInterceptor</code>
+ ,
+ <code>@org.apache.cxf.interceptor.OutInterceptor</code>
+ )
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Direct API usage on client side (through the
+ <code>org.apache.cxf.interceptor.InterceptorProvider</code>
+ interface)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Spring descriptor usage (
+ <emphasis role="italics">cxf.xml</emphasis>
+ )
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ As the Spring descriptor usage is not supported, the JBossWS integration adds an additional descriptor based approach to avoid requiring modifications to the actual client/endpoint code. Users can declare interceptors within
+ <link linkend="sid-41713670">predefined client and endpoint configurations</link>
+ by specifying a list of interceptor class names for the
+ <code>cxf.interceptors.in</code>
+ and
+ <code>cxf.interceptors.out</code>
+ properties.
+ </para>
+ <informalexample>
+ <programlisting><?xml version="1.0" encoding="UTF-8"?>
+<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
+ xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
+ <endpoint-config>
+ <config-name>org.jboss.test.ws.jaxws.cxf.interceptors.EndpointImpl</config-name>
+ <property>
+ <property-name>cxf.interceptors.in</property-name>
+ <property-value>org.jboss.test.ws.jaxws.cxf.interceptors.EndpointInterceptor,org.jboss.test.ws.jaxws.cxf.interceptors.FooInterceptor</property-value>
+ </property>
+ <property>
+ <property-name>cxf.interceptors.out</property-name>
+ <property-value>org.jboss.test.ws.jaxws.cxf.interceptors.EndpointCounterInterceptor</property-value>
+ </property>
+ </endpoint-config>
+</jaxws-config></programlisting>
+ </informalexample>
+ <para>A new instance of each specified interceptor class will be added to the client or endpoint the configuration is assigned to. The interceptor classes must have a no-argument constructor.</para>
+ </section>
+ <section id="sid-3866786_ApacheCXFintegration-ApacheCXFfeatures">
+
+ <title>Apache CXF features</title>
+ <para>Apache CXF supports declaring features using one of the following approaches:</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Annotation usage on endpoint classes (
+ <code>@org.apache.cxf.feature.Features</code>
+ )
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Direct API usage on client side (through extensions of the
+ <code>org.apache.cxf.feature.AbstractFeature</code>
+ class)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Spring descriptor usage (
+ <emphasis role="italics">cxf.xml</emphasis>
+ )
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ As the Spring descriptor usage is not supported, the JBossWS integration adds an additional descriptor based approach to avoid requiring modifications to the actual client/endpoint code. Users can declare features within
+ <link linkend="sid-41713670">predefined client and endpoint configurations</link>
+ by specifying a list of feature class names for the
+ <code>cxf.features</code>
+ property.
+ </para>
+ <informalexample>
+ <programlisting><?xml version="1.0" encoding="UTF-8"?>
+<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
+ xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
+ <endpoint-config>
+ <config-name>Custom FI Config</config-name>
+ <property>
+ <property-name>cxf.features</property-name>
+ <property-value>org.apache.cxf.feature.FastInfosetFeature</property-value>
+ </property>
+ </endpoint-config>
+</jaxws-config></programlisting>
+ </informalexample>
+ <para>A new instance of each specified feature class will be added to the client or endpoint the configuration is assigned to. The feature classes must have a no-argument constructor.</para>
+ </section>
+ <section id="sid-3866786_ApacheCXFintegration-Propertiesdrivenbeancreation">
+
+ <title>Properties driven bean creation</title>
+ <para>
+ Sections above explain how to declare CXF interceptors and features through properties either in a client/endpoint predefined configuration or in a
+ <code>jboss-webservices.xml</code>
+ descriptor. By getting the feature/interceptor class name only specified, the container simply tries to create a bean instance using the class default constructor. This sets a limitation on the feature/interceptor configuration, unless custom extensions of vanilla CXF classes are provided, with the default constructor setting properties before eventually using the super constructor.
+ </para>
+ <para>
+ To cope with this issue, JBossWS integration comes with a mechanism for configuring simple bean hierarchies when building them up from properties. Properties can have bean reference values, that is strings starting with
+ <code>##</code>
+ . Property reference keys are used to specify the bean class name and the value for for each attribute. So for instance the following properties:
+ </para>
+ <informaltable>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>
+ <para>
+ Key
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Value
+
+ </para>
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <para>
+ cxf.features
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ ##foo, ##bar
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ ##foo
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ org.jboss.Foo
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ ##foo.par
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ 34
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ ##bar
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ org.jboss.Bar
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ ##bar.color
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ blue
+
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>would result into the stack installing two feature instances, the same that would have been created by</para>
+ <informalexample>
+ <programlisting>import org.Bar;
+import org.Foo;
+
+...
+
+Foo foo = new Foo();
+foo.setPar(34);
+Bar bar = new Bar();
+bar.setColor("blue");</programlisting>
+ </informalexample>
+ <para>The mechanism assumes that the classes are valid beans with proper getter and setter methods; value objects are cast to the correct primitive type by inspecting the class definition. Nested beans can of course be configured.</para>
+ </section>
+ <section id="sid-3866786_ApacheCXFintegration-HTTPConduitconfiguration">
+
+ <title>HTTPConduit configuration</title>
+ <para>
+ HTTP transport setup in Apache CXF is achieved through
+ <code>org.apache.cxf.transport.http.HTTPConduit</code>
+ <ulink url="http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html">configurations</ulink>
+ . When running on top of the JBossWS integration, conduits can be programmatically modified using the Apache CXF API as follows:
+ </para>
+ <informalexample>
+ <programlisting>import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+
+//set chunking threshold before using a JAX-WS port client
+...
+HTTPConduit conduit = (HTTPConduit)ClientProxy.getClient(port).getConduit();
+HTTPClientPolicy client = conduit.getClient();
+
+client.setChunkingThreshold(8192);
+...
+</programlisting>
+ </informalexample>
+ <para>Users can also control the default values for the most common HTTPConduit parameters by setting specific system properties; the provided values will override Apache CXF defaut values.</para>
+ <informaltable>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>
+ <para>
+ Property
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Description
+
+ </para>
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <para>cxf.client.allowChunking</para>
+ </entry>
+ <entry>
+ <para>
+ A boolean to tell Apache CXF whether to allow send messages using chunking.
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>cxf.client.chunkingThreshold</para>
+ </entry>
+ <entry>
+ <para>
+ An integer value to tell Apache CXF the threshold at which switching from non-chunking to chunking mode.
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>cxf.client.connectionTimeout</para>
+ </entry>
+ <entry>
+ <para>
+ A long value to tell Apache CXF how many milliseconds to set the connection timeout to
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>cxf.client.receiveTimeout</para>
+ </entry>
+ <entry>
+ <para>A long value to tell Apache CXF how many milliseconds to set the receive timeout to</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>cxf.client.connection</para>
+ </entry>
+ <entry>
+ <para>
+ A string to tell Apache CXF to use
+ <code>Keep-Alive</code>
+ or
+ <code>close</code>
+ connection type
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>cxf.tls-client.disableCNCheck</para>
+ </entry>
+ <entry>
+ <para>
+ A boolean to tell Apache CXF whether disabling CN host name check or not
+
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>The vanilla Apache CXF defaults apply when the system properties above are not set.</para>
+ </section>
</section>
<section id="sid-3866793">
- <title>WS-Addressing</title>
+ <title>Addressing</title>
<para>
JBoss Web Services inherits full WS-Addressing capabilities from the underlying Apache CXF implementation. Apache CXF provides support for 2004-08 and
<ulink url="http://www.w3.org/TR/ws-addr-core/">1.0</ulink>
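Review bot: the cxf.tls-client.disableCNCheck row in the new HTTPConduit table needs a caveat. It is documented as a system property that overrides the Apache CXF default, so setting it switches off the host name check on the server certificate for every client in the JVM that relies on the defaults, not for a single port. Suggest saying that in the description and pointing readers who need an exception for one client to the programmatic HTTPConduit route shown just above the table. Smaller points in the same hunk: "defaut values" and "the value for for each attribute" are typos, the properties table uses org.jboss.Foo and org.jboss.Bar while the listing imports org.Foo and org.Bar, and the timeout and disableCNCheck descriptions lack the closing period the other rows have.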
@@ -1645,7 +2019,7 @@
<para>
specifying the
<emphasis role="italics">[http://cxf.apache.org/ws/addressing]addressing</emphasis>
- feature for a given client/endpoint in an optional CXF Spring XML descriptor
+ feature for a given client/endpoint
</para>
</listitem>
<listitem>
@@ -1682,7 +2056,7 @@
</section>
<section id="sid-3866793_WS-Addressing-WSAddressingPolicy">
- <title>WS-Addressing Policy</title>
+ <title>Addressing Policy</title>
<para>The WS-Addressing support is also perfectly integrated with the Apache CXF WS-Policy engine.</para>
<para>
This basically means that the WSDL contract generation for code-first endpoint deployment is policy-aware: users can annotate endpoints with the
@@ -1973,6 +2347,19 @@
</para>
</entry>
</row>
+ <row>
+ <entry>
+ <para>ws-security.enable.streaming</para>
+ </entry>
+ <entry>
+ <para>
+ Enable
+ <ulink url="http://ws.apache.org/wss4j/streaming.html">streaming</ulink>
+ (StAX based) processing of WS-Security messages
+
+ </para>
+ </entry>
+ </row>
</tbody>
</tgroup>
</informaltable>
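Review bot: the new ws-security.enable.streaming row gives neither the value type nor the default, so a reader cannot tell whether streaming processing is active when the property is left unset. Add both to the description (for example "A boolean ..., default ...") so that someone reviewing an endpoint's WS-Security configuration knows which processing path is in effect.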
@@ -2380,7 +2767,7 @@
</informalexample>
<important>
<para>
- If you're deploying the endpoint archive to JBoss Application Server 7, remember to add a dependency to
+ If you're deploying the endpoint archive to WildFly, remember to add a dependency to
<emphasis role="italics">org.apache.ws.security</emphasis>
module in the MANIFEST.MF file.
</para>
@@ -2462,7 +2849,7 @@
<emphasis role="italics">ws-security.username</emphasis>
and
<emphasis role="italics">ws-security.callback-handler</emphasis>
- properties can be used similarly as shown in the signature and encryption example. Things become more interesting when requiring a given user to be authenticated (and authorized) against a security domain on the target JBoss Application Server.
+ properties can be used similarly as shown in the signature and encryption example. Things become more interesting when requiring a given user to be authenticated (and authorized) against a security domain on the target WildFly server.
</para>
<para>On server side, you need to install two additional interceptors that act as bridges towards the application server authentication layer:</para>
<itemizedlist>
@@ -2481,7 +2868,7 @@
</para>
</listitem>
</itemizedlist>
- <para>So, here follows an example of WS-SecurityPolicy endpoint using Username Token Profile for authenticating through the JBoss Application Server security domain system.</para>
+ <para>So, here follows an example of WS-SecurityPolicy endpoint using Username Token Profile for authenticating through the WildFly security domain system.</para>
<section id="sid-3866795_WS-Security-Endpointx">
<title>Endpoint</title>
@@ -2749,7 +3136,7 @@
</informalexample>
<important>
<para>
- If you're deploying the endpoint archive to JBoss Application Server 7, remember to add a dependency to
+ If you're deploying the endpoint archive to WildFly, remember to add a dependency to
<emphasis role="italics">org.apache.ws.security</emphasis>
and
<emphasis role="italics">org.apache.cxf</emphasis>
@@ -3009,7 +3396,7 @@
<section id="sid-47972359_WS-TrustandSTS-ApacheCXFsupport">
<title>Apache CXF support</title>
- <para>Apache CXF is an open-source, fully featured Web services framework. The JBossWS open source project integrates the JBoss Web Services (JBossWS) stack with the Apache CXF project modules thus providing WS-Trust and other JAX-WS functionality in the JBoss Application Server. This integration makes it easy to deploy CXF STS implementations, however JBoss Application Server can run any WS-Trust compliant STS. In addition the Apache CXF API provides a STSClient utility to facilitate web service requester communication with its STS.</para>
+ <para>Apache CXF is an open-source, fully featured Web services framework. The JBossWS open source project integrates the JBoss Web Services (JBossWS) stack with the Apache CXF project modules thus providing WS-Trust and other JAX-WS functionality in WildFly. This integration makes it easy to deploy CXF STS implementations, however WildFly can run any WS-Trust compliant STS. In addition the Apache CXF API provides a STSClient utility to facilitate web service requester communication with its STS.</para>
<para>
Detailed information about the Apache CXF's WS-Trust implementation can be found
<ulink url="http://coheigea.blogspot.it/2011/10/apache-cxf-sts-documentation-part-i.html">here</ulink>
@@ -3338,7 +3725,7 @@
<para>
The web service provider implementation class, ServiceImpl, is a simple POJO. It uses the standard WebService annotation to define the service endpoint. In addition there are two Apache CXF annotations, EndpointProperties and EndpointProperty used for configuring the endpoint for the CXF runtime. These annotations come from the
<ulink url="https://ws.apache.org/wss4j/">Apache WSS4J project</ulink>
- , which provides a Java implementation of the primary WS-Security standards for Web Services. These annotations are programmatically adding properties to the endpoint. Traditionally, these properties would be set via the <jaxws:properties> element on the <jaxws:endpoint> element in the spring config, but these annotations allow the properties to be configured in the code.
+ , which provides a Java implementation of the primary WS-Security standards for Web Services. These annotations are programmatically adding properties to the endpoint. With plain Apache CXF, these properties are often set via the <jaxws:properties> element on the <jaxws:endpoint> element in the Spring config; these annotations allow the properties to be configured in the code.
</para>
<para>WSS4J uses the Crypto interface to get keys and certificates for encryption/decryption and for signature creation/verification. As is asserted by the WSDL, X509 keys and certificates are required for this service. The WSS4J configuration information being provided by ServiceImpl is for Crypto's Merlin implementation. More information will be provided about this in the keystore section.</para>
<para>The first EndpointProperty statement in the listing is declaring the user's name to use for the message signature. It is used as the alias name in the keystore to get the user's cert and private key for signature. The next two EndpointProperty statements declares the Java properties file that contains the (Merlin) crypto configuration information. In this case both for signing and encrypting the messages. WSS4J reads this file and extra required information for message handling. The last EndpointProperty statement declares the ServerCallbackHandler implementation class. It is used to obtain the user's password for the certificates in the keystore file.</para>
@@ -3427,7 +3814,7 @@
<section id="sid-47972359_WS-TrustandSTS-MANIFEST.MF">
<title>MANIFEST.MF</title>
- <para>When deployed on JBoss Application Server this application requires access to the JBossWs and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The dependency statement directs the server to provide them at deployment.</para>
+ <para>When deployed on WildFly this application requires access to the JBossWs and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The dependency statement directs the server to provide them at deployment.</para>
<informalexample>
<programlisting>
Manifest-Version: 1.0
@@ -4001,7 +4388,7 @@
<title>MANIFEST.MF</title>
<para>
- When deployed on JBoss Application Server, this application requires access to the JBossWs and CXF APIs provided in modules org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF internals, org.apache.cxf.impl, are needed to build the STS configuration in the
+ When deployed on WildFly, this application requires access to the JBossWs and CXF APIs provided in modules org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF internals, org.apache.cxf.impl, are needed to build the STS configuration in the
<code>SampleSTS</code>
constructor. The dependency statement directs the server to provide them at deployment.
</para>
@@ -4017,19 +4404,31 @@
<section id="sid-47972359_WS-TrustandSTS-SecurityDomain">
<title>Security Domain</title>
+ <para>The STS requires a JBoss security domain be configured. The jboss-web.xml descriptor declares a named security domain,"JBossWS-trust-sts" to be used by this service for authentication. This security domain requires two properties files and the addition of a security-domain declaration in the JBoss server configuration file.</para>
<para>
- The
- <emphasis role="italics">jboss-web.xml</emphasis>
- descriptor is used to set the security domain to be used for authentication. For this scenario the domain will need to contain user
- <emphasis role="italics">alice,</emphasis>
- password
- <emphasis role="italics">clarinet,</emphasis>
- and role
+ For this scenario the domain needs to contain user
+ <emphasis role="italics">alice</emphasis>
+ , password
+ <emphasis role="italics">clarinet</emphasis>
+ , and role
<emphasis role="italics">friend</emphasis>
- . See the listings for jbossws-users.properties and jbossws-roles.properties. In addition the JBoss Application Server needs to be configured with the domain name, "JBossWS-trust-sts", and with the users and roles properties files. See the directions in this
- <ulink url="http://middlewaremagic.com/jboss/?p=2049">article</ulink>
- about configuring the security domain using the CLI.
+ . See the listings below for jbossws-users.properties and jbossws-roles.properties. In addition the following XML must be added to the JBoss security subsystem in the server configuration file. Replace "
+ <emphasis role="strong">SOME_PATH</emphasis>
+ " with appropriate information.
</para>
+ <informalexample>
+ <programlisting>
+ <security-domain name="JBossWS-trust-sts">
+ <authentication>
+ <login-module code="UsersRoles" flag="required">
+ <module-option name="usersProperties" value="/SOME_PATH/jbossws-users.properties"/>
+ <module-option name="unauthenticatedIdentity" value="anonymous"/>
+ <module-option name="rolesProperties" value="/SOME_PATH/jbossws-roles.properties"/>
+ </login-module>
+ </authentication>
+</security-domain>
+</programlisting>
+ </informalexample>
<para>jboss-web.xml</para>
<informalexample>
<programlisting>
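Review bot: the added security-domain listing sets unauthenticatedIdentity to "anonymous" on the UsersRoles login module, and the surrounding text does not explain why the STS authentication domain needs it. With that option a request that carries no credentials is assigned the "anonymous" principal instead of failing the login, which is not something readers should copy into a real domain unnoticed. Either drop the module-option from the sample or add a sentence on why the scenario requires it. Also in this hunk: a space is missing in `domain,"JBossWS-trust-sts"`, the new paragraph says "JBoss security domain" and "JBoss server configuration file" while the rest of the patch renames the container to WildFly, and the removed link to the CLI instructions has no replacement, so the only documented path is hand-editing the server configuration file.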
@@ -4176,7 +4575,7 @@
<section id="sid-47972359_WS-TrustandSTS-ClientCallbackHandler">
<title>ClientCallbackHandler</title>
- <para>ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It is used to obtain the password for the private key in the keystore. This class enables CXF to retrieve the password of the user name to use for the message signature. Note that "alice" and her password have been provided here. This information is not in the (JKS) keystore but provided in the JBoss Application Server security domain. It was declared in file jbossws-users.properties.</para>
+ <para>ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It is used to obtain the password for the private key in the keystore. This class enables CXF to retrieve the password of the user name to use for the message signature. Note that "alice" and her password have been provided here. This information is not in the (JKS) keystore but provided in the WildFly security domain. It was declared in file jbossws-users.properties.</para>
<informalexample>
<programlisting>
package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
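Review bot: The reworded ClientCallbackHandler paragraph still says the handler obtains "the password for the private key in the keystore" and, two sentences later, that alice's password is not in the keystore but in the WildFly security domain. Since the line is being touched, separate the two statements so it is clear which password the handler returns for which name, and say explicitly that the value supplied for alice has to match her entry in jbossws-users.properties.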
@@ -4208,9 +4607,9 @@
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-Cryptopropertiesandkeystorefilesxx">
+ <section id="sid-47972359_WS-TrustandSTS-RequesterCryptopropertiesandkeystorefiles">
- <title>Crypto properties and keystore files</title>
+ <title>Requester Crypto properties and keystore files</title>
<para>
WSS4J's Crypto implementation is loaded and configured via a Java properties file that contains Crypto configuration data. The file contains implementation-specific properties such as a keystore location, password, default alias and the like. This application is using the Merlin implementation. File clientKeystore.properties contains this information.
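Review bot: The section id changes from `sid-47972359_WS-TrustandSTS-Cryptopropertiesandkeystorefilesxx` to `sid-47972359_WS-TrustandSTS-RequesterCryptopropertiesandkeystorefiles`, which breaks any `linkend` elsewhere in the book that still uses the old value. Search the doc sources for the old id before merging, and do the same for the other ids this commit renames.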
@@ -4506,7 +4905,7 @@
</PicketLinkSTS>
</programlisting>
</informalexample>
- <para>Finally, the PicketLink alternative approach of course requires different JBoss AS module dependencies to be declared in the MANIFEST.MF:</para>
+ <para>Finally, the PicketLink alternative approach of course requires different WildFly module dependencies to be declared in the MANIFEST.MF:</para>
<informalexample>
<programlisting>
Manifest-Version: 1.0
@@ -4543,134 +4942,134 @@
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-ActAsWSTrustScenario">
+ </section>
+ <section id="sid-78711224">
+
+ <title>ActAs WS-Trust Scenario</title>
+ <para>
+ The ActAs feature is used in scenarios that require composite delegation. It is commonly used in multi-tiered systems where an application calls a service on behalf of a logged in user or a service calls another service on behalf of the original caller.
- <title>ActAs WS-Trust Scenario</title>
- <para>
- The ActAs feature is used in scenarios that require composite delegation. It is commonly used in multi-tiered systems where an application calls a service on behalf of a logged in user or a service calls another service on behalf of the original caller.
+ </para>
+ <para>
+ ActAs is nothing more than a new sub-element in the RequestSecurityToken (RST). It provides additional information about the original caller when a token is negotiated with the STS. The ActAs element usually takes the form of a token with identity claims such as name, role, and authorization code, for the client to access the service.
+
+ </para>
+ <para>
+ The ActAs scenario is an extension of
+ <link linkend="sid-78711224">the basic WS-Trust scenario</link>
+ . In this example the ActAs service calls the ws-service on behalf of a user. There are only a couple of additions to the basic scenario's code. An ActAs web service provider and callback handler have been added. The ActAs web services' WSDL imposes the same security policies as the ws-provider. UsernameTokenCallbackHandler is new. It is a utility that generates the content for the ActAs element. And lastly there are a couple of code additions in the STS to support the ActAs request.
+ </para>
+ <section id="sid-78711224_ActAsWS-TrustScenario-Webserviceprovider">
+
+ <title>Web service provider</title>
+ <para>This section examines the web service elements from the basic WS-Trust scenario that have been changed to address the needs of the ActAs example. The components are</para>
+ <itemizedlist>
+ <listitem>
+ <para>ActAs web service provider's WSDL</para>
+ </listitem>
+ <listitem>
+ <para>ActAs web service provider's Interface and Implementation classes.</para>
+ </listitem>
+ <listitem>
+ <para>ActAsCallbackHandler class</para>
+ </listitem>
+ <listitem>
+ <para>UsernameTokenCallbackHandler</para>
+ </listitem>
+ <listitem>
+ <para>Crypto properties and keystore files</para>
+ </listitem>
+ <listitem>
+ <para>MANIFEST.MF</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78711224_ActAsWS-TrustScenario-WebserviceproviderWSDL">
- </para>
- <para>
- ActAs is nothing more than a new sub-element in the RequestSecurityToken (RST). It provides additional information about the original caller when a token is negotiated with the STS. The ActAs element usually takes the form of a token with identity claims such as name, role, and authorization code, for the client to access the service.
-
- </para>
- <para>
- The ActAs scenario is an extension of
- <link linkend="sid-47972359_WS-TrustandSTS-ABasicWSTrustScenario">the basic WS-Trust scenario</link>
- . In this example the ActAs service calls the ws-service on behalf of a user. There are only a couple of additions to the basic scenario's code. An ActAs web service provider and callback handler have been added. The ActAs web services' WSDL imposes the same security policies as the ws-provider. UsernameTokenCallbackHandler is new. It is a utility that generates the content for the ActAs element. And lastly there are a couple of code additions in the STS to support the ActAs request.
- </para>
- <section id="sid-47972359_WS-TrustandSTS-ActAsWebserviceprovider">
-
- <title>ActAs Web service provider</title>
- <para>This section examines the web service elements from the basic WS-Trust scenario that have been changed to address the needs of the ActAs example. The components are</para>
- <itemizedlist>
- <listitem>
- <para>ActAs web service provider's WSDL</para>
- </listitem>
- <listitem>
- <para>ActAs web service provider's Interface and Implementation classes.</para>
- </listitem>
- <listitem>
- <para>ActAsCallbackHandler class</para>
- </listitem>
- <listitem>
- <para>UsernameTokenCallbackHandler</para>
- </listitem>
- <listitem>
- <para>Crypto properties and keystore files</para>
- </listitem>
- <listitem>
- <para>MANIFEST.MF</para>
- </listitem>
- </itemizedlist>
- </section>
- <section id="sid-47972359_WS-TrustandSTS-ActAsWebserviceproviderWSDL">
-
- <title>ActAs Web service provider WSDL</title>
+ <title>Web service provider WSDL</title>
<para>The ActAs web service provider's WSDL is a clone of the ws-provider's WSDL. The wsp:Policy section is the same. There are changes to the service endpoint, targetNamespace, portType, binding name, and service.</para>
<informalexample>
<programlisting>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<definitions targetNamespace="http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy" name="ActAsService"
- xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns="http://schemas.xmlsoap.org/wsdl/"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
- xmlns:wsaws="http://www.w3.org/2005/08/addressing"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
- <types>
- <xsd:schema>
- <xsd:import namespace="http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy"
- schemaLocation="ActAsService_schema1.xsd"/>
- </xsd:schema>
- </types>
- <message name="sayHello">
- <part name="parameters" element="tns:sayHello"/>
- </message>
- <message name="sayHelloResponse">
- <part name="parameters" element="tns:sayHelloResponse"/>
- </message>
- <portType name="ActAsServiceIface">
- <operation name="sayHello">
- <input message="tns:sayHello"/>
- <output message="tns:sayHelloResponse"/>
- </operation>
- </portType>
- <binding name="ActAsServicePortBinding" type="tns:ActAsServiceIface">
- <wsp:PolicyReference URI="#AsymmetricSAML2Policy" />
- <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
- <operation name="sayHello">
- <soap:operation soapAction=""/>
- <input>
- <soap:body use="literal"/>
- <wsp:PolicyReference URI="#Input_Policy" />
- </input>
- <output>
- <soap:body use="literal"/>
- <wsp:PolicyReference URI="#Output_Policy" />
- </output>
- </operation>
- </binding>
- <service name="ActAsService">
- <port name="ActAsServicePort" binding="tns:ActAsServicePortBinding">
- <soap:address location="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-actas/ActAsService"/>
- </port>
- </service>
+ xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <types>
+ <xsd:schema>
+ <xsd:import namespace="http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy"
+ schemaLocation="ActAsService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <message name="sayHello">
+ <part name="parameters" element="tns:sayHello"/>
+ </message>
+ <message name="sayHelloResponse">
+ <part name="parameters" element="tns:sayHelloResponse"/>
+ </message>
+ <portType name="ActAsServiceIface">
+ <operation name="sayHello">
+ <input message="tns:sayHello"/>
+ <output message="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+ <binding name="ActAsServicePortBinding" type="tns:ActAsServiceIface">
+ <wsp:PolicyReference URI="#AsymmetricSAML2Policy" />
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
+ <operation name="sayHello">
+ <soap:operation soapAction=""/>
+ <input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#Input_Policy" />
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#Output_Policy" />
+ </output>
+ </operation>
+ </binding>
+ <service name="ActAsService">
+ <port name="ActAsServicePort" binding="tns:ActAsServicePortBinding">
+ <soap:address location="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-actas/ActAsService"/>
+ </port>
+ </service>
</definitions>
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-ActAsWebServiceInterface">
+ <section id="sid-78711224_ActAsWS-TrustScenario-WebServiceInterface">
- <title>ActAs Web Service Interface</title>
+ <title>Web Service Interface</title>
<para>The web service provider interface class, ActAsServiceIface, is a simple web service definition.</para>
<informalexample>
<programlisting>
-package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas;
-
-import javax.jws.WebMethod;
-import javax.jws.WebService;
-
-@WebService
-(
- targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy"
-)
-public interface ActAsServiceIface
-{
- @WebMethod
- String sayHello();
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+@WebService
+(
+ targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy"
+)
+public interface ActAsServiceIface
+{
+ @WebMethod
+ String sayHello();
}
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-ActAsWebServiceImplementation">
+ <section id="sid-78711224_ActAsWS-TrustScenario-WebServiceImplementation">
- <title>ActAs Web Service Implementation</title>
+ <title>Web Service Implementation</title>
<para>
The web service provider implementation class, ActAsServiceImpl, is a simple POJO. It uses the standard WebService annotation to define the service endpoint and two Apache WSS4J annotations, EndpointProperties and EndpointProperty used for configuring the endpoint for the CXF runtime. The WSS4J configuration information provided is for WSS4J's Crypto Merlin implementation.
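Review bot: The re-added cross-reference `<link linkend="sid-78711224">the basic WS-Trust scenario</link>` uses the id of the ActAs section itself (`<section id="sid-78711224">` a few lines above), so the link meant to lead to the basic scenario resolves to the section it sits in. The removed line pointed at `sid-47972359_WS-TrustandSTS-ABasicWSTrustScenario`; the linkend should be the basic scenario's current id. Separately, the WSDL and ActAsServiceIface listings are removed and re-added with no visible textual difference, which looks like whitespace or line-ending churn. That noise hides the real structural change here (the added `</section>`, the new top-level section, and the sub-sections now nested under "Web service provider"), so consider committing the normalization on its own.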
@@ -4678,129 +5077,129 @@
<para>ActAsServiceImpl is calling ServiceImpl acting on behalf of the user. Method setupService performs the requisite configuration setup.</para>
<informalexample>
<programlisting>
-package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.annotations.EndpointProperties;
-import org.apache.cxf.annotations.EndpointProperty;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.trust.STSClient;
-import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface;
-import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.WSTrustAppUtils;
-
-import javax.jws.WebService;
-import javax.xml.namespace.QName;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Service;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Map;
-
-@WebService
-(
- portName = "ActAsServicePort",
- serviceName = "ActAsService",
- wsdlLocation = "WEB-INF/wsdl/ActAsService.wsdl",
- targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy",
- endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas.ActAsServiceIface"
-)
-
-@EndpointProperties(value = {
- @EndpointProperty(key = "ws-security.signature.username", value = "myactaskey"),
- @EndpointProperty(key = "ws-security.signature.properties", value = "actasKeystore.properties"),
- @EndpointProperty(key = "ws-security.encryption.properties", value = "actasKeystore.properties"),
- @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas.ActAsCallbackHandler")
-})
-
-public class ActAsServiceImpl implements ActAsServiceIface
-{
- public String sayHello() {
- try {
- ServiceIface proxy = setupService();
- return "ActAs " + proxy.sayHello();
- } catch (MalformedURLException e) {
- e.printStackTrace();
- }
- return null;
- }
-
- private ServiceIface setupService()throws MalformedURLException {
- ServiceIface proxy = null;
- Bus bus = BusFactory.newInstance().createBus();
-
- try {
- BusFactory.setThreadDefaultBus(bus);
-
- final String serviceURL = "http://" + WSTrustAppUtils.getServerHost() + ":8080/jaxws-samples-wsse-policy-trust/SecurityService";
- final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
- final URL wsdlURL = new URL(serviceURL + "?wsdl");
- Service service = Service.create(wsdlURL, serviceName);
- proxy = (ServiceIface) service.getPort(ServiceIface.class);
-
- Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
- ctx.put(SecurityConstants.CALLBACK_HANDLER, new ActAsCallbackHandler());
-
- ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource("actasKeystore.properties" ));
- ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myactaskey" );
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource("../../META-INF/clientKeystore.properties" ));
- ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
-
- STSClient stsClient = new STSClient(bus);
- Map<String, Object> props = stsClient.getProperties();
- props.put(SecurityConstants.USERNAME, "alice");
- props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
- props.put(SecurityConstants.STS_TOKEN_USERNAME, "myactaskey" );
- props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource("actasKeystore.properties" ));
- props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
-
- ctx.put(SecurityConstants.STS_CLIENT, stsClient);
-
- } finally {
- bus.shutdown(true);
- }
-
- return proxy;
- }
-
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.WSTrustAppUtils;
+
+import javax.jws.WebService;
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Map;
+
+@WebService
+(
+ portName = "ActAsServicePort",
+ serviceName = "ActAsService",
+ wsdlLocation = "WEB-INF/wsdl/ActAsService.wsdl",
+ targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy",
+ endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas.ActAsServiceIface"
+)
+
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "myactaskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "actasKeystore.properties"),
+ @EndpointProperty(key = "ws-security.encryption.properties", value = "actasKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas.ActAsCallbackHandler")
+})
+
+public class ActAsServiceImpl implements ActAsServiceIface
+{
+ public String sayHello() {
+ try {
+ ServiceIface proxy = setupService();
+ return "ActAs " + proxy.sayHello();
+ } catch (MalformedURLException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ private ServiceIface setupService()throws MalformedURLException {
+ ServiceIface proxy = null;
+ Bus bus = BusFactory.newInstance().createBus();
+
+ try {
+ BusFactory.setThreadDefaultBus(bus);
+
+ final String serviceURL = "http://" + WSTrustAppUtils.getServerHost() + ":8080/jaxws-samples-wsse-policy-trust/SecurityService";
+ final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
+ final URL wsdlURL = new URL(serviceURL + "?wsdl");
+ Service service = Service.create(wsdlURL, serviceName);
+ proxy = (ServiceIface) service.getPort(ServiceIface.class);
+
+ Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ActAsCallbackHandler());
+
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("actasKeystore.properties" ));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myactaskey" );
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("../../META-INF/clientKeystore.properties" ));
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+
+ STSClient stsClient = new STSClient(bus);
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "alice");
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myactaskey" );
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("actasKeystore.properties" ));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+
+ ctx.put(SecurityConstants.STS_CLIENT, stsClient);
+
+ } finally {
+ bus.shutdown(true);
+ }
+
+ return proxy;
+ }
+
}
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-ActAsCallbackHandler">
+ <section id="sid-78711224_ActAsWS-TrustScenario-ActAsCallbackHandler">
<title>ActAsCallbackHandler</title>
<para>ActAsCallbackHandler is a callback handler for the WSS4J Crypto API. It is used to obtain the password for the private key in the keystore. This class enables CXF to retrieve the password of the user name to use for the message signature. This class has been revised to return the passwords for this service, myactaskey and the "actas" user, alice.</para>
<informalexample>
<programlisting>
-package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas;
-
-import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
-import java.util.HashMap;
-import java.util.Map;
-
-public class ActAsCallbackHandler extends PasswordCallbackHandler {
-
- public ActAsCallbackHandler()
- {
- super(getInitMap());
- }
-
- private static Map<String, String> getInitMap()
- {
- Map<String, String> passwords = new HashMap<String, String>();
- passwords.put("myactaskey", "aspass");
- passwords.put("alice", "clarinet");
- return passwords;
- }
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.actas;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+import java.util.HashMap;
+import java.util.Map;
+
+public class ActAsCallbackHandler extends PasswordCallbackHandler {
+
+ public ActAsCallbackHandler()
+ {
+ super(getInitMap());
+ }
+
+ private static Map<String, String> getInitMap()
+ {
+ Map<String, String> passwords = new HashMap<String, String>();
+ passwords.put("myactaskey", "aspass");
+ passwords.put("alice", "clarinet");
+ return passwords;
+ }
}
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-UsernameTokenCallbackHandler">
+ <section id="sid-78711224_ActAsWS-TrustScenario-UsernameTokenCallbackHandler">
<title>UsernameTokenCallbackHandler</title>
<para>
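Review bot: The ActAsCallbackHandler listing carries literal credentials (`passwords.put("myactaskey", "aspass");` and `passwords.put("alice", "clarinet");`) and the paragraph above it presents the class without saying these are test-suite values. Add a sentence stating that the passwords are sample data and that a deployed handler should read them from a protected source rather than from code. In the ActAsServiceImpl listing in the same hunk, `sayHello()` catches MalformedURLException, prints the stack trace and returns null, so a misconfigured service URL reaches the caller as a null greeting. A remark in the text, or a rethrow in the sample, would keep readers from copying that pattern.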
@@ -4808,168 +5207,168 @@
</para>
<informalexample>
<programlisting>
-package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
-
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.message.token.UsernameToken;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.Element;
-import org.w3c.dom.ls.DOMImplementationLS;
-import org.w3c.dom.ls.LSSerializer;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import java.io.IOException;
-import java.util.Map;
-
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.UsernameToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.Element;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSSerializer;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+import java.util.Map;
+
/**
* A utility to provide the 3 different input parameter types for jaxws property
* "ws-security.sts.token.act-as" and "ws-security.sts.token.on-behalf-of".
* This implementation obtains a username and password via the jaxws property
* "ws-security.username" and "ws-security.password" respectively, as defined
-* in SecurityConstants. It creates a wss UsernameToken to be used as the
+* in SecurityConstants. It creates a wss UsernameToken to be used as the
* delegation token.
-*/
-
-public class UsernameTokenCallbackHandler implements CallbackHandler {
-
- public void handle(Callback[] callbacks)
- throws IOException, UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- if (callbacks[i] instanceof DelegationCallback) {
- DelegationCallback callback = (DelegationCallback) callbacks[i];
- Message message = callback.getCurrentMessage();
-
- String username =
- (String)message.getContextualProperty(SecurityConstants.USERNAME);
- String password =
- (String)message.getContextualProperty(SecurityConstants.PASSWORD);
- if (username != null) {
- Node contentNode = message.getContent(Node.class);
- Document doc = null;
- if (contentNode != null) {
- doc = contentNode.getOwnerDocument();
- } else {
- doc = DOMUtils.createDocument();
- }
- UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
- callback.setToken(usernameToken.getElement());
- }
- } else {
- throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
- }
- }
- }
-
- /**
- * Provide UsernameToken as a string.
- * @param ctx
- * @return
- */
- public String getUsernameTokenString(Map<String, Object> ctx){
- Document doc = DOMUtils.createDocument();
- String result = null;
- String username = (String)ctx.get(SecurityConstants.USERNAME);
- String password = (String)ctx.get(SecurityConstants.PASSWORD);
- if (username != null) {
- UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
- result = toString(usernameToken.getElement().getFirstChild().getParentNode());
- }
- return result;
- }
-
- /**
- *
- * @param username
- * @param password
- * @return
- */
- public String getUsernameTokenString(String username, String password){
- Document doc = DOMUtils.createDocument();
- String result = null;
- if (username != null) {
- UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
- result = toString(usernameToken.getElement().getFirstChild().getParentNode());
- }
- return result;
- }
-
- /**
- * Provide UsernameToken as a DOM Element.
- * @param ctx
- * @return
- */
- public Element getUsernameTokenElement(Map<String, Object> ctx){
- Document doc = DOMUtils.createDocument();
- Element result = null;
- UsernameToken usernameToken = null;
- String username = (String)ctx.get(SecurityConstants.USERNAME);
- String password = (String)ctx.get(SecurityConstants.PASSWORD);
- if (username != null) {
- usernameToken = createWSSEUsernameToken(username,password, doc);
- result = usernameToken.getElement();
- }
- return result;
- }
-
- /**
- *
- * @param username
- * @param password
- * @return
- */
- public Element getUsernameTokenElement(String username, String password){
- Document doc = DOMUtils.createDocument();
- Element result = null;
- UsernameToken usernameToken = null;
- if (username != null) {
- usernameToken = createWSSEUsernameToken(username,password, doc);
- result = usernameToken.getElement();
- }
- return result;
- }
-
- private UsernameToken createWSSEUsernameToken(String username, String password, Document doc) {
-
- UsernameToken usernameToken = new UsernameToken(true, doc,
- (password == null)? null: WSConstants.PASSWORD_TEXT);
- usernameToken.setName(username);
- usernameToken.addWSUNamespace();
- usernameToken.addWSSENamespace();
- usernameToken.setID("id-" + username);
-
- if (password != null){
- usernameToken.setPassword(password);
- }
-
- return usernameToken;
- }
-
-
- private String toString(Node node) {
- String str = null;
-
- if (node != null) {
- DOMImplementationLS lsImpl = (DOMImplementationLS)
- node.getOwnerDocument().getImplementation().getFeature("LS", "3.0");
- LSSerializer serializer = lsImpl.createLSSerializer();
- serializer.getDomConfig().setParameter("xml-declaration", false); //by default its true, so set it to false to get String without xml-declaration
- str = serializer.writeToString(node);
- }
- return str;
- }
-
+*/
+
+public class UsernameTokenCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof DelegationCallback) {
+ DelegationCallback callback = (DelegationCallback) callbacks[i];
+ Message message = callback.getCurrentMessage();
+
+ String username =
+ (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ String password =
+ (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ if (username != null) {
+ Node contentNode = message.getContent(Node.class);
+ Document doc = null;
+ if (contentNode != null) {
+ doc = contentNode.getOwnerDocument();
+ } else {
+ doc = DOMUtils.createDocument();
+ }
+ UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
+ callback.setToken(usernameToken.getElement());
+ }
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+ /**
+ * Provide UsernameToken as a string.
+ * @param ctx
+ * @return
+ */
+ public String getUsernameTokenString(Map<String, Object> ctx){
+ Document doc = DOMUtils.createDocument();
+ String result = null;
+ String username = (String)ctx.get(SecurityConstants.USERNAME);
+ String password = (String)ctx.get(SecurityConstants.PASSWORD);
+ if (username != null) {
+ UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
+ result = toString(usernameToken.getElement().getFirstChild().getParentNode());
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param username
+ * @param password
+ * @return
+ */
+ public String getUsernameTokenString(String username, String password){
+ Document doc = DOMUtils.createDocument();
+ String result = null;
+ if (username != null) {
+ UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
+ result = toString(usernameToken.getElement().getFirstChild().getParentNode());
+ }
+ return result;
+ }
+
+ /**
+ * Provide UsernameToken as a DOM Element.
+ * @param ctx
+ * @return
+ */
+ public Element getUsernameTokenElement(Map<String, Object> ctx){
+ Document doc = DOMUtils.createDocument();
+ Element result = null;
+ UsernameToken usernameToken = null;
+ String username = (String)ctx.get(SecurityConstants.USERNAME);
+ String password = (String)ctx.get(SecurityConstants.PASSWORD);
+ if (username != null) {
+ usernameToken = createWSSEUsernameToken(username,password, doc);
+ result = usernameToken.getElement();
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param username
+ * @param password
+ * @return
+ */
+ public Element getUsernameTokenElement(String username, String password){
+ Document doc = DOMUtils.createDocument();
+ Element result = null;
+ UsernameToken usernameToken = null;
+ if (username != null) {
+ usernameToken = createWSSEUsernameToken(username,password, doc);
+ result = usernameToken.getElement();
+ }
+ return result;
+ }
+
+ private UsernameToken createWSSEUsernameToken(String username, String password, Document doc) {
+
+ UsernameToken usernameToken = new UsernameToken(true, doc,
+ (password == null)? null: WSConstants.PASSWORD_TEXT);
+ usernameToken.setName(username);
+ usernameToken.addWSUNamespace();
+ usernameToken.addWSSENamespace();
+ usernameToken.setID("id-" + username);
+
+ if (password != null){
+ usernameToken.setPassword(password);
+ }
+
+ return usernameToken;
+ }
+
+
+ private String toString(Node node) {
+ String str = null;
+
+ if (node != null) {
+ DOMImplementationLS lsImpl = (DOMImplementationLS)
+ node.getOwnerDocument().getImplementation().getFeature("LS", "3.0");
+ LSSerializer serializer = lsImpl.createLSSerializer();
+ serializer.getDomConfig().setParameter("xml-declaration", false); //by default its true, so set it to false to get String without xml-declaration
+ str = serializer.writeToString(node);
+ }
+ return str;
+ }
+
}
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-Cryptopropertiesandkeystorefilesxxx">
+ <section id="sid-78711224_ActAsWS-TrustScenario-Cryptopropertiesandkeystorefiles">
<title>Crypto properties and keystore files</title>
<para>
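Review bot: `createWSSEUsernameToken()` builds the delegation token with `WSConstants.PASSWORD_TEXT`, so whenever a password is supplied it is written into the ActAs UsernameToken in clear text, and the listing is published without a remark on that. The documentation should say that the token's confidentiality then rests on whatever message protection the endpoint policy applies, and that the password can be omitted (the code already handles `password == null`). Minor points in the same listing: the Javadoc blocks on the `getUsernameTokenString` and `getUsernameTokenElement` overloads have empty `@param` and `@return` tags, and the inline comment in `toString()` reads "by default its true".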
@@ -4977,33 +5376,33 @@
</para>
<informalexample>
<programlisting>
-org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
-org.apache.ws.security.crypto.merlin.keystore.password=aapass
-org.apache.ws.security.crypto.merlin.keystore.alias=myactaskey
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=aapass
+org.apache.ws.security.crypto.merlin.keystore.alias=myactaskey
org.apache.ws.security.crypto.merlin.keystore.file=actasstore.jks
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-MANIFEST.MFxx">
+ <section id="sid-78711224_ActAsWS-TrustScenario-MANIFEST.MF">
<title>MANIFEST.MF</title>
<para>
- <emphasis role="color:#000000">When deployed on JBoss Application Server this application requires access to the JBossWs and CXF APIs provided in modules org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF internals, org.apache.cxf.impl, are needed in handling the ActAs and OnBehalfOf extensions. The dependency statement directs the server to provide them at deployment.</emphasis>
+ <emphasis role="color:#000000">When deployed on WildFly this application requires access to the JBossWs and CXF APIs provided in modules org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF internals, org.apache.cxf.impl, are needed in handling the ActAs and OnBehalfOf extensions. The dependency statement directs the server to provide them at deployment.</emphasis>
</para>
<informalexample>
<programlisting>
-Manifest-Version: 1.0
-Ant-Version: Apache Ant 1.8.2
-Created-By: 1.7.0_25-b15 (Oracle Corporation)
+Manifest-Version: 1.0
+Ant-Version: Apache Ant 1.8.2
+Created-By: 1.7.0_25-b15 (Oracle Corporation)
Dependencies: org.jboss.ws.cxf.jbossws-cxf-client, org.apache.cxf.impl
</programlisting>
</informalexample>
</section>
</section>
- <section id="sid-47972359_WS-TrustandSTS-ActAsSecurityTokenService">
+ <section id="sid-78711224_ActAsWS-TrustScenario-SecurityTokenService">
- <title>ActAs Security Token Service</title>
+ <title>Security Token Service</title>
<para>This section examines the STS elements from the basic WS-Trust scenario that have been changed to address the needs of the ActAs example. The components are.</para>
<itemizedlist>
<listitem>
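Review bot: In the MANIFEST.MF section the reworded paragraph says the application needs modules org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf, plus the internals in org.apache.cxf.impl, but the Dependencies line in the listing declares only org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf.impl. Either add org.apache.cxf to the listing or explain in the text why it does not have to be declared. Since that paragraph is being edited anyway, "JBossWs" could become "JBossWS" and the emphasis wrapper with role="color:#000000", which looks like export residue, could be dropped. The removed and added lines of both listings read the same here, so if the change is whitespace-only the log message should say so.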
@@ -5013,12 +5412,12 @@
<para>STSCallbackHandler class</para>
</listitem>
</itemizedlist>
- <section id="sid-47972359_WS-TrustandSTS-STSImplementationclass">
+ <section id="sid-78711224_ActAsWS-TrustScenario-STSImplementationclass">
<title>STS Implementation class</title>
<para>
The initial description of SampleSTS can be found
- <link linkend="sid-47972359_WS-TrustandSTS-STSImplementation">here</link>
+ <link linkend="sid-78711224">here</link>
.
</para>
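Review bot: The new linkend="sid-78711224" on the "here" link is the bare prefix that every section id in this ActAs chapter now carries, so it appears to resolve to the ActAs scenario section itself rather than to the SampleSTS description in the basic scenario that the sentence promises. Point it at the id of the STS implementation section in the basic WS-Trust chapter, or use a ulink as the requester section later in this patch does. The "." left on its own line after the link will also render with a space in front of it; it belongs directly after the closing link tag.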
@@ -5029,7 +5428,7 @@
<para>The TokenIssueOperation requires class, UsernameTokenValidator be provided in order to validate the contents of the OnBehalfOf claims and class, UsernameTokenDelegationHandler to be provided in order to process the token delegation request of the ActAs on OnBehalfOf user.</para>
<informalexample>
<programlisting>
- package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
+ package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
import java.util.Arrays;
import java.util.LinkedList;
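Review bot: The context paragraph above this listing reads "the ActAs on OnBehalfOf user", which looks like a typo for "ActAs or OnBehalfOf", and "requires class, UsernameTokenValidator be provided" is hard to parse; since the listing under it is being touched, the sentence could be fixed in the same change. The only changed line, the package declaration, reads the same before and after here, so it seems to be a whitespace adjustment that the log message does not mention.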
@@ -5052,499 +5451,2723 @@
import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
@WebServiceProvider(serviceName = "SecurityTokenService",
- portName = "UT_Port",
- targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
- wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
+ portName = "UT_Port",
+ targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+ wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
//be sure to have dependency on org.apache.cxf module when on AS7, otherwise Apache CXF annotations are ignored
@EndpointProperties(value = {
- @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
- @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
- @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts.STSCallbackHandler"),
- @EndpointProperty(key = "ws-security.validate.token", value = "false") //to let the JAAS integration deal with validation through the interceptor below
+ @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts.STSCallbackHandler"),
+ @EndpointProperty(key = "ws-security.validate.token", value = "false") //to let the JAAS integration deal with validation through the interceptor below
})
@InInterceptors(interceptors = {"org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"})
public class SampleSTS extends SecurityTokenServiceProvider
{
- public SampleSTS() throws Exception
- {
- super();
-
- StaticSTSProperties props = new StaticSTSProperties();
- props.setSignatureCryptoProperties("stsKeystore.properties");
- props.setSignatureUsername("mystskey");
- props.setCallbackHandlerClass(STSCallbackHandler.class.getName());
- props.setIssuer("DoubleItSTSIssuer");
-
- List<ServiceMBean> services = new LinkedList<ServiceMBean>();
- StaticService service = new StaticService();
- service.setEndpoints(Arrays.asList(
- "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
- "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
- "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
+ public SampleSTS() throws Exception
+ {
+ super();
- "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
- "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
- "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(STSCallbackHandler.class.getName());
+ props.setIssuer("DoubleItSTSIssuer");
- "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBeha...",
- "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService",
- "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService"
- ));
- services.add(service);
-
- TokenIssueOperation issueOperation = new TokenIssueOperation();
- issueOperation.setServices(services);
- issueOperation.getTokenProviders().add(new SAMLTokenProvider());
- // required for OnBehalfOf
- issueOperation.getTokenValidators().add(new UsernameTokenValidator());
- // added for OnBehalfOf and ActAs
- issueOperation.getDelegationHandlers().add(new UsernameTokenDelegationHandler());
- issueOperation.setStsProperties(props);
-
- TokenValidateOperation validateOperation = new TokenValidateOperation();
- validateOperation.getTokenValidators().add(new SAMLTokenValidator());
- validateOperation.setStsProperties(props);
-
- this.setIssueOperation(issueOperation);
- this.setValidateOperation(validateOperation);
- }
+ List<ServiceMBean> services = new LinkedList<ServiceMBean>();
+ StaticService service = new StaticService();
+ service.setEndpoints(Arrays.asList(
+ "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
+ "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
+ "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
+
+ "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+ "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+ "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+
+ "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBeha...",
+ "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService",
+ "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService"
+ ));
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.setServices(services);
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ // required for OnBehalfOf
+ issueOperation.getTokenValidators().add(new UsernameTokenValidator());
+ // added for OnBehalfOf and ActAs
+ issueOperation.getDelegationHandlers().add(new UsernameTokenDelegationHandler());
+ issueOperation.setStsProperties(props);
+
+ TokenValidateOperation validateOperation = new TokenValidateOperation();
+ validateOperation.getTokenValidators().add(new SAMLTokenValidator());
+ validateOperation.setStsProperties(props);
+
+ this.setIssueOperation(issueOperation);
+ this.setValidateOperation(validateOperation);
+ }
}
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-STSCallbackHandlerx">
+ <section id="sid-78711224_ActAsWS-TrustScenario-STSCallbackHandler">
<title>STSCallbackHandler</title>
<para>The user, alice, and corresponding password was required to be added for the ActAs example.</para>
<informalexample>
<programlisting>
-package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
-
-public class STSCallbackHandler extends PasswordCallbackHandler
-{
- public STSCallbackHandler()
- {
- super(getInitMap());
- }
-
- private static Map<String, String> getInitMap()
- {
- Map<String, String> passwords = new HashMap<String, String>();
- passwords.put("mystskey", "stskpass");
- passwords.put("alice", "clarinet");
- return passwords;
- }
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+public class STSCallbackHandler extends PasswordCallbackHandler
+{
+ public STSCallbackHandler()
+ {
+ super(getInitMap());
+ }
+
+ private static Map<String, String> getInitMap()
+ {
+ Map<String, String> passwords = new HashMap<String, String>();
+ passwords.put("mystskey", "stskpass");
+ passwords.put("alice", "clarinet");
+ return passwords;
+ }
}
</programlisting>
</informalexample>
</section>
</section>
- <section id="sid-47972359_WS-TrustandSTS-ActAsWebservicerequester">
+ <section id="sid-78711224_ActAsWS-TrustScenario-Webservicerequester">
- <title>ActAs Web service requester</title>
+ <title>Web service requester</title>
<para>This section examines the ws-requester elements from the basic WS-Trust scenario that have been changed to address the needs of the ActAs example. The component is</para>
<itemizedlist>
<listitem>
<para>ActAs web service requester implementation class</para>
</listitem>
</itemizedlist>
- <section id="sid-47972359_WS-TrustandSTS-ActAsWebservicerequesterImplementation">
+ <section id="sid-78711224_ActAsWS-TrustScenario-WebservicerequesterImplementation">
- <title>ActAs Web service requester Implementation</title>
- <para>The ActAs ws-requester, the client, uses standard procedures for creating a reference to the web service in the first four lines. To address the endpoint security requirements, the web service's "Request Context" is configured via the BindingProvider. Information needed in the message generation is provided through it. The ActAs user, myactaskey, is declared in this section and UsernameTokenCallbackHandler is used to provide the contents of the ActAs element to the STSClient. In this example a STSClient object is created and provided to the proxy's request context. The alternative is to provide keys tagged with the ".it" suffix as was done in [the Basic Scenario client|../../../../../../../../../../../#WS-TrustandSTS-WebservicerequesterImplementation||||\||]. The use of ActAs is configured through the props map using the SecurityConstants.STS_TOKEN_ACT_AS key. The alternative is to use the STSClient.setActAs method.</para>
+ <title>Web service requester Implementation</title>
+ <para>
+ The ActAs ws-requester, the client, uses standard procedures for creating a reference to the web service in the first four lines. To address the endpoint security requirements, the web service's "Request Context" is configured via the BindingProvider. Information needed in the message generation is provided through it. The ActAs user, myactaskey, is declared in this section and UsernameTokenCallbackHandler is used to provide the contents of the ActAs element to the STSClient. In this example a STSClient object is created and provided to the proxy's request context. The alternative is to provide keys tagged with the ".it" suffix as was done in
+ <ulink url="https://docs.jboss.org/author/display/JBWS/WS-Trust+and+STS#WS-TrustandST...">the Basic Scenario client</ulink>
+ . The use of ActAs is configured through the props map using the SecurityConstants.STS_TOKEN_ACT_AS key. The alternative is to use the STSClient.setActAs method.
+ </para>
<informalexample>
<programlisting>
- final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy", "ActAsService");
-final URL wsdlURL = new URL(serviceURL + "?wsdl");
-Service service = Service.create(wsdlURL, serviceName);
-ActAsServiceIface proxy = (ActAsServiceIface) service.getPort(ActAsServiceIface.class);
-
-Bus bus = BusFactory.newInstance().createBus();
-try {
- BusFactory.setThreadDefaultBus(bus);
-
- Map<String, Object> ctx = proxy.getRequestContext();
-
- ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myactaskey");
- ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
-
+ final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/actaswssecuritypolicy", "ActAsService");
+final URL wsdlURL = new URL(serviceURL + "?wsdl");
+Service service = Service.create(wsdlURL, serviceName);
+ActAsServiceIface proxy = (ActAsServiceIface) service.getPort(ActAsServiceIface.class);
+
+Bus bus = BusFactory.newInstance().createBus();
+try {
+ BusFactory.setThreadDefaultBus(bus);
+
+ Map<String, Object> ctx = proxy.getRequestContext();
+
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myactaskey");
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+
// Generate the ActAs element contents and pass to the STSClient as a string
- UsernameTokenCallbackHandler ch = new UsernameTokenCallbackHandler();
- String str = ch.getUsernameTokenString("myactaskey", null);
- ctx.put(SecurityConstants.STS_TOKEN_ACT_AS, str);
-
- STSClient stsClient = new STSClient(bus);
- Map<String, Object> props = stsClient.getProperties();
- props.put(SecurityConstants.USERNAME, "bob");
- props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- props.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
- props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
- props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
-
- ctx.put(SecurityConstants.STS_CLIENT, stsClient);
-} finally {
- bus.shutdown(true);
-}
+ UsernameTokenCallbackHandler ch = new UsernameTokenCallbackHandler();
+ String str = ch.getUsernameTokenString("alice","clarinet");
+ ctx.put(SecurityConstants.STS_TOKEN_ACT_AS, str);
+
+ STSClient stsClient = new STSClient(bus);
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "bob");
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+
+ ctx.put(SecurityConstants.STS_CLIENT, stsClient);
+} finally {
+ bus.shutdown(true);
+}
proxy.sayHello();
</programlisting>
</informalexample>
</section>
</section>
- <section id="sid-47972359_WS-TrustandSTS-OnBehalfOfWSTrustScenario">
+ </section>
+ <section id="sid-78906783">
+
+ <title>OnBehalfOf WS-Trust Scenario</title>
+ <para>
+ The OnBehalfOf feature is used in scenarios that use the proxy pattern. In such scenarios, the client cannot access the STS directly, instead it communicates through a proxy gateway. The proxy gateway authenticates the caller and puts information about the caller into the OnBehalfOf element of the RequestSecurityToken (RST) sent to the real STS for processing. The resulting token contains only claims related to the client of the proxy, making the proxy completely transparent to the receiver of the issued token.
- <title>OnBehalfOf WS-Trust Scenario</title>
- <para>
- The OnBehalfOf feature is used in scenarios that use the proxy pattern. In such scenarios, the client cannot access the STS directly, instead it communicates through a proxy gateway. The proxy gateway authenticates the caller and puts information about the caller into the OnBehalfOf element of the RequestSecurityToken (RST) sent to the real STS for processing. The resulting token contains only claims related to the client of the proxy, making the proxy completely transparent to the receiver of the issued token.
+ </para>
+ <para>
+ OnBehalfOf is nothing more than a new sub-element in the RST. It provides additional information about the original caller when a token is negotiated with the STS. The OnBehalfOf element usually takes the form of a token with identity claims such as name, role, and authorization code, for the client to access the service.
+
+ </para>
+ <para>
+ The OnBehalfOf scenario is an extension of
+ <link linkend="sid-78906783">the basic WS-Trust scenario</link>
+ . In this example the OnBehalfOf service calls the ws-service on behalf of a user. There are only a couple of additions to the basic scenario's code. An OnBehalfOf web service provider and callback handler have been added. The OnBehalfOf web services' WSDL imposes the same security policies as the ws-provider. UsernameTokenCallbackHandler is a utility shared with ActAs. It generates the content for the OnBehalfOf element. And lastly there are code additions in the STS that both OnBehalfOf and ActAs share in common.
+
+ </para>
+ <para>
+ Infor here [
+ <ulink url="http://coheigea.blogspot.it/2012/01/apache-cxf-251-sts-updates.html">Open Source Security: Apache CXF 2.5.1 STS updates</ulink>
+ ]
+ </para>
+ <section id="sid-78906783_OnBehalfOfWS-TrustScenario-Webserviceprovider">
+
+ <title>Web service provider</title>
+ <para>This section examines the web service elements from the basic WS-Trust scenario that have been changed to address the needs of the OnBehalfOf example. The components are.</para>
+ <itemizedlist>
+ <listitem>
+ <para>web service provider's WSDL</para>
+ </listitem>
+ <listitem>
+ <para>web service provider's Interface and Implementation classes.</para>
+ </listitem>
+ <listitem>
+ <para>OnBehalfOfCallbackHandler class</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906783_OnBehalfOfWS-TrustScenario-WebserviceproviderWSDL">
- </para>
- <para>
- OnBehalfOf is nothing more than a new sub-element in the RST. It provides additional information about the original caller when a token is negotiated with the STS. The OnBehalfOf element usually takes the form of a token with identity claims such as name, role, and authorization code, for the client to access the service.
-
- </para>
- <para>
- The OnBehalfOf scenario is an extension of
- <link linkend="sid-47972359_WS-TrustandSTS-ABasicWSTrustScenario">the basic WS-Trust scenario</link>
- . In this example the OnBehalfOf service calls the ws-service on behalf of a user. There are only a couple of additions to the basic scenario's code. An OnBehalfOf web service provider and callback handler have been added. The OnBehalfOf web services' WSDL imposes the same security policies as the ws-provider. UsernameTokenCallbackHandler is a utility shared with ActAs. It generates the content for the OnBehalfOf element. And lastly there are code additions in the STS that both OnBehalfOf and ActAs share in common.
-
- </para>
- <para>
- Infor here [
- <ulink url="http://coheigea.blogspot.it/2012/01/apache-cxf-251-sts-updates.html">Open Source Security: Apache CXF 2.5.1 STS updates</ulink>
- ]
- </para>
- <section id="sid-47972359_WS-TrustandSTS-OnBehalfOfWebserviceprovider">
-
- <title>OnBehalfOf Web service provider</title>
- <para>This section examines the web service elements from the basic WS-Trust scenario that have been changed to address the needs of the OnBehalfOf example. The components are.</para>
- <itemizedlist>
- <listitem>
- <para>OnBehalfOf web service provider's WSDL</para>
- </listitem>
- <listitem>
- <para>OnBehalfOf web service provider's Interface and Implementation classes.</para>
- </listitem>
- <listitem>
- <para>OnBehalfOfCallbackHandler class</para>
- </listitem>
- </itemizedlist>
- </section>
- <section id="sid-47972359_WS-TrustandSTS-OnBehalfOfWebserviceproviderWSDL">
-
- <title>OnBehalfOf Web service provider WSDL</title>
+ <title>Web service provider WSDL</title>
<para>The OnBehalfOf web service provider's WSDL is a clone of the ws-provider's WSDL. The wsp:Policy section is the same. There are changes to the service endpoint, targetNamespace, portType, binding name, and service.</para>
<informalexample>
<programlisting>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<definitions targetNamespace="http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy" name="OnBehalfOfService"
- xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns="http://schemas.xmlsoap.org/wsdl/"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
- xmlns:wsaws="http://www.w3.org/2005/08/addressing"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
- <types>
- <xsd:schema>
- <xsd:import namespace="http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy"
- schemaLocation="OnBehalfOfService_schema1.xsd"/>
- </xsd:schema>
- </types>
- <message name="sayHello">
- <part name="parameters" element="tns:sayHello"/>
- </message>
- <message name="sayHelloResponse">
- <part name="parameters" element="tns:sayHelloResponse"/>
- </message>
- <portType name="OnBehalfOfServiceIface">
- <operation name="sayHello">
- <input message="tns:sayHello"/>
- <output message="tns:sayHelloResponse"/>
- </operation>
- </portType>
- <binding name="OnBehalfOfServicePortBinding" type="tns:OnBehalfOfServiceIface">
- <wsp:PolicyReference URI="#AsymmetricSAML2Policy" />
- <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
- <operation name="sayHello">
- <soap:operation soapAction=""/>
- <input>
- <soap:body use="literal"/>
- <wsp:PolicyReference URI="#Input_Policy" />
- </input>
- <output>
- <soap:body use="literal"/>
- <wsp:PolicyReference URI="#Output_Policy" />
- </output>
- </operation>
- </binding>
- <service name="OnBehalfOfService">
- <port name="OnBehalfOfServicePort" binding="tns:OnBehalfOfServicePortBinding">
- <soap:address location="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService"/>
- </port>
- </service>
-</definitions>
+ xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <types>
+ <xsd:schema>
+ <xsd:import namespace="http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy"
+ schemaLocation="OnBehalfOfService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <message name="sayHello">
+ <part name="parameters" element="tns:sayHello"/>
+ </message>
+ <message name="sayHelloResponse">
+ <part name="parameters" element="tns:sayHelloResponse"/>
+ </message>
+ <portType name="OnBehalfOfServiceIface">
+ <operation name="sayHello">
+ <input message="tns:sayHello"/>
+ <output message="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+ <binding name="OnBehalfOfServicePortBinding" type="tns:OnBehalfOfServiceIface">
+ <wsp:PolicyReference URI="#AsymmetricSAML2Policy" />
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
+ <operation name="sayHello">
+ <soap:operation soapAction=""/>
+ <input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#Input_Policy" />
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#Output_Policy" />
+ </output>
+ </operation>
+ </binding>
+ <service name="OnBehalfOfService">
+ <port name="OnBehalfOfServicePort" binding="tns:OnBehalfOfServicePortBinding">
+ <soap:address location="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService"/>
+ </port>
+ </service>
+</definitions>
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-OnBehalfOfWebServiceInterface">
+ <section id="sid-78906783_OnBehalfOfWS-TrustScenario-WebServiceInterface">
- <title>OnBehalfOf Web Service Interface</title>
+ <title>Web Service Interface</title>
<para>The web service provider interface class, OnBehalfOfServiceIface, is a simple web service definition.</para>
<informalexample>
<programlisting>
-package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof;
-
-import javax.jws.WebMethod;
-import javax.jws.WebService;
-
-@WebService
-(
- targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy"
-)
-public interface OnBehalfOfServiceIface
-{
- @WebMethod
- String sayHello();
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+@WebService
+(
+ targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy"
+)
+public interface OnBehalfOfServiceIface
+{
+ @WebMethod
+ String sayHello();
}
</programlisting>
</informalexample>
</section>
- <section id="sid-47972359_WS-TrustandSTS-OnBehalfOfWebServiceImplementation">
+ <section id="sid-78906783_OnBehalfOfWS-TrustScenario-WebServiceImplementation">
- <title>OnBehalfOf Web Service Implementation</title>
+ <title>Web Service Implementation</title>
<para>The web service provider implementation class, OnBehalfOfServiceImpl, is a simple POJO. It uses the standard WebService annotation to define the service endpoint and two Apache WSS4J annotations, EndpointProperties and EndpointProperty used for configuring the endpoint for the CXF runtime. The WSS4J configuration information provided is for WSS4J's Crypto Merlin implementation.</para>
<para>OnBehalfOfServiceImpl is calling the ServiceImpl acting on behalf of the user. Method setupService performs the requisite configuration setup.</para>
<informalexample>
<programlisting>
-package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.annotations.EndpointProperties;
-import org.apache.cxf.annotations.EndpointProperty;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.trust.STSClient;
-import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface;
-import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.WSTrustAppUtils;
-
-import javax.jws.WebService;
-import javax.xml.namespace.QName;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Service;
-import java.net.*;
-import java.util.Map;
-
-@WebService
-(
- portName = "OnBehalfOfServicePort",
- serviceName = "OnBehalfOfService",
- wsdlLocation = "WEB-INF/wsdl/OnBehalfOfService.wsdl",
- targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy",
- endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof.OnBehalfOfServiceIface"
-)
-
-@EndpointProperties(value = {
- @EndpointProperty(key = "ws-security.signature.username", value = "myactaskey"),
- @EndpointProperty(key = "ws-security.signature.properties", value = "actasKeystore.properties"),
- @EndpointProperty(key = "ws-security.encryption.properties", value = "actasKeystore.properties"),
- @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof.OnBehalfOfCallbackHandler")
-})
-
-public class OnBehalfOfServiceImpl implements OnBehalfOfServiceIface
-{
- public String sayHello() {
- try {
-
- ServiceIface proxy = setupService();
- return "OnBehalfOf " + proxy.sayHello();
-
- } catch (MalformedURLException e) {
- e.printStackTrace();
- }
- return null;
- }
-
- /**
- *
- * @return
- * @throws MalformedURLException
- */
- private ServiceIface setupService()throws MalformedURLException {
- ServiceIface proxy = null;
- Bus bus = BusFactory.newInstance().createBus();
-
- try {
- BusFactory.setThreadDefaultBus(bus);
-
- final String serviceURL = "http://" + WSTrustAppUtils.getServerHost() + ":8080/jaxws-samples-wsse-policy-trust/SecurityService";
- final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
- final URL wsdlURL = new URL(serviceURL + "?wsdl");
- Service service = Service.create(wsdlURL, serviceName);
- proxy = (ServiceIface) service.getPort(ServiceIface.class);
-
- Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
- ctx.put(SecurityConstants.CALLBACK_HANDLER, new OnBehalfOfCallbackHandler());
-
- ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "actasKeystore.properties" ));
- ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myactaskey" );
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "../../META-INF/clientKeystore.properties" ));
- ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
-
- STSClient stsClient = new STSClient(bus);
- Map<String, Object> props = stsClient.getProperties();
- props.put(SecurityConstants.USERNAME, "bob");
- props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
- props.put(SecurityConstants.STS_TOKEN_USERNAME, "myactaskey" );
- props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "actasKeystore.properties" ));
- props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
-
- ctx.put(SecurityConstants.STS_CLIENT, stsClient);
-
- } finally {
- bus.shutdown(true);
- }
-
- return proxy;
- }
-
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.WSTrustAppUtils;
+
+import javax.jws.WebService;
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import java.net.*;
+import java.util.Map;
+
+@WebService
+(
+ portName = "OnBehalfOfServicePort",
+ serviceName = "OnBehalfOfService",
+ wsdlLocation = "WEB-INF/wsdl/OnBehalfOfService.wsdl",
+ targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy",
+ endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof.OnBehalfOfServiceIface"
+)
+
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "myactaskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "actasKeystore.properties"),
+ @EndpointProperty(key = "ws-security.encryption.properties", value = "actasKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof.OnBehalfOfCallbackHandler")
+})
+
+public class OnBehalfOfServiceImpl implements OnBehalfOfServiceIface
+{
+ public String sayHello() {
+ try {
+
+ ServiceIface proxy = setupService();
+ return "OnBehalfOf " + proxy.sayHello();
+
+ } catch (MalformedURLException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ /**
+ *
+ * @return
+ * @throws MalformedURLException
+ */
+ private ServiceIface setupService()throws MalformedURLException {
+ ServiceIface proxy = null;
+ Bus bus = BusFactory.newInstance().createBus();
+
+ try {
+ BusFactory.setThreadDefaultBus(bus);
+
+ final String serviceURL = "http://" + WSTrustAppUtils.getServerHost() + ":8080/jaxws-samples-wsse-policy-trust/SecurityService";
+ final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
+ final URL wsdlURL = new URL(serviceURL + "?wsdl");
+ Service service = Service.create(wsdlURL, serviceName);
+ proxy = (ServiceIface) service.getPort(ServiceIface.class);
+
+ Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new OnBehalfOfCallbackHandler());
+
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "actasKeystore.properties" ));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myactaskey" );
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "../../META-INF/clientKeystore.properties" ));
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+
+ STSClient stsClient = new STSClient(bus);
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "bob");
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myactaskey" );
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "actasKeystore.properties" ));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+
+ ctx.put(SecurityConstants.STS_CLIENT, stsClient);
+
+ } finally {
+ bus.shutdown(true);
+ }
+
+ return proxy;
+ }
+
}
</programlisting>
</informalexample>
</section>
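Review bot: the removed and re-added lines of the OnBehalfOfServiceImpl listing visible here read the same character for character (for example the setupService() body from "Bus bus = BusFactory.newInstance().createBus();" through "return proxy;"), so this part of the hunk looks like a whitespace or line-ending rewrite rather than a documentation change. Consider committing that normalisation separately, or fixing the line-ending handling on the file, so the real edits in this revision (the renamed section ids and the new SAML Bearer section) are not buried. While the listing is being touched, note that sayHello() prints the stack trace on MalformedURLException and then returns null; the sample would be easier to follow if the failure surfaced to the caller.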
- <section id="sid-47972359_WS-TrustandSTS-OnBehalfOfCallbackHandler">
+ <section id="sid-78906783_OnBehalfOfWS-TrustScenario-OnBehalfOfCallbackHandler">
<title>OnBehalfOfCallbackHandler</title>
<para>OnBehalfOfCallbackHandler is a callback handler for the WSS4J Crypto API. It is used to obtain the password for the private key in the keystore. This class enables CXF to retrieve the password of the user name to use for the message signature. This class has been revised to return the passwords for this service, myactaskey and the "OnBehalfOf" user, alice.</para>
<informalexample>
<programlisting>
- package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof;
-
-import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
-import java.util.HashMap;
-import java.util.Map;
-
-public class OnBehalfOfCallbackHandler extends PasswordCallbackHandler {
-
- public OnBehalfOfCallbackHandler()
- {
- super(getInitMap());
- }
-
- private static Map<String, String> getInitMap()
- {
- Map<String, String> passwords = new HashMap<String, String>();
- passwords.put("myactaskey", "aspass");
- passwords.put("alice", "clarinet");
- passwords.put("bob", "trombone");
- return passwords;
- }
-
+ package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.onbehalfof;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+import java.util.HashMap;
+import java.util.Map;
+
+public class OnBehalfOfCallbackHandler extends PasswordCallbackHandler {
+
+ public OnBehalfOfCallbackHandler()
+ {
+ super(getInitMap());
+ }
+
+ private static Map<String, String> getInitMap()
+ {
+ Map<String, String> passwords = new HashMap<String, String>();
+ passwords.put("myactaskey", "aspass");
+ passwords.put("alice", "clarinet");
+ passwords.put("bob", "trombone");
+ return passwords;
+ }
+
}
</programlisting>
</informalexample>
</section>
</section>
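Review bot: the paragraph above this listing says the handler was revised to return the passwords for myactaskey and alice, but getInitMap() in the listing also registers passwords.put("bob", "trombone"); either mention bob in the text or drop the entry so the prose and the code agree. Since the class keeps plaintext passwords in source, a sentence stating that these are test-suite values, and that a deployed handler should read them from a protected store, would help readers who copy the sample.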
- <section id="sid-47972359_WS-TrustandSTS-OnBehalfOfWebservicerequester">
+ <section id="sid-78906783_OnBehalfOfWS-TrustScenario-Webservicerequester">
- <title>OnBehalfOf Web service requester</title>
+ <title>Web service requester</title>
<para>This section examines the ws-requester elements from the basic WS-Trust scenario that have been changed to address the needs of the OnBehalfOf example. The component is</para>
<itemizedlist>
<listitem>
<para>OnBehalfOf web service requester implementation class</para>
</listitem>
</itemizedlist>
- <section id="sid-47972359_WS-TrustandSTS-OnBehalfOfWebservicerequesterImplementation">
+ <section id="sid-78906783_OnBehalfOfWS-TrustScenario-WebservicerequesterImplementation">
- <title>OnBehalfOf Web service requester Implementation</title>
+ <title>Web service requester Implementation</title>
<para>
The OnBehalfOf ws-requester, the client, uses standard procedures for creating a reference to the web service in the first four lines. To address the endpoint security requirements, the web service's "Request Context" is configured via the BindingProvider. Information needed in the message generation is provided through it. The OnBehalfOf user, alice, is declared in this section and the callbackHandler, UsernameTokenCallbackHandler is provided to the STSClient for generation of the contents for the OnBehalfOf message element. In this example a STSClient object is created and provided to the proxy's request context. The alternative is to provide keys tagged with the ".it" suffix as was done in
- <link linkend="sid-47972359_WS-TrustandSTS-WebservicerequesterImplementation">the Basic Scenario client</link>
+ <link linkend="sid-78906783_OnBehalfOfWS-TrustScenario-WebservicerequesterImplementation">the Basic Scenario client</link>
. The use of OnBehalfOf is configured by the method call stsClient.setOnBehalfOf. The alternative is to use the key SecurityConstants.STS_TOKEN_ON_BEHALF_OF and a value in the props map.
</para>
<informalexample>
<programlisting>
-final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy", "OnBehalfOfService");
-final URL wsdlURL = new URL(serviceURL + "?wsdl");
-Service service = Service.create(wsdlURL, serviceName);
-OnBehalfOfServiceIface proxy = (OnBehalfOfServiceIface) service.getPort(OnBehalfOfServiceIface.class);
-
-
-Bus bus = BusFactory.newInstance().createBus();
-try {
-
- BusFactory.setThreadDefaultBus(bus);
-
- Map<String, Object> ctx = proxy.getRequestContext();
-
- ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myactaskey");
- ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy", "OnBehalfOfService");
+final URL wsdlURL = new URL(serviceURL + "?wsdl");
+Service service = Service.create(wsdlURL, serviceName);
+OnBehalfOfServiceIface proxy = (OnBehalfOfServiceIface) service.getPort(OnBehalfOfServiceIface.class);
+
+Bus bus = BusFactory.newInstance().createBus();
+try {
+
+ BusFactory.setThreadDefaultBus(bus);
+
+ Map<String, Object> ctx = proxy.getRequestContext();
+
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myactaskey");
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+
// user and password OnBehalfOf user
// UsernameTokenCallbackHandler will extract this information when called
- ctx.put(SecurityConstants.USERNAME,"alice");
- ctx.put(SecurityConstants.PASSWORD, "clarinet");
-
- STSClient stsClient = new STSClient(bus);
+ ctx.put(SecurityConstants.USERNAME,"alice");
+ ctx.put(SecurityConstants.PASSWORD, "clarinet");
- // Providing the STSClient the mechanism to create the claims contents for OnBehalfOf
- stsClient.setOnBehalfOf(new UsernameTokenCallbackHandler());
-
- Map<String, Object> props = stsClient.getProperties();
- props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- props.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
- props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
- props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
-
- ctx.put(SecurityConstants.STS_CLIENT, stsClient);
-
-} finally {
- bus.shutdown(true);
-}
+ STSClient stsClient = new STSClient(bus);
+
+ // Providing the STSClient the mechanism to create the claims contents for OnBehalfOf
+ stsClient.setOnBehalfOf(new UsernameTokenCallbackHandler());
+
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+
+ ctx.put(SecurityConstants.STS_CLIENT, stsClient);
+
+} finally {
+ bus.shutdown(true);
+}
proxy.sayHello();
</programlisting>
</informalexample>
</section>
</section>
</section>
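Review bot: the updated link in the requester paragraph now has linkend="sid-78906783_OnBehalfOfWS-TrustScenario-WebservicerequesterImplementation", which is the id of this same section, while its text is still "the Basic Scenario client"; the cross-reference should point at the basic scenario's requester section instead of at itself. In the listing, proxy.sayHello() sits after the finally block that calls bus.shutdown(true), so it is worth checking against the test source whether the call belongs inside the try.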
+ <section id="sid-78906786">
+
+ <title>SAML Bearer Assertion Scenario</title>
+ <para>
+ WS-Trust deals with managing software security tokens. A SAML assertion is a type of security token. In the SAML Bearer scenario, the service provider automatically trusts that the incoming SOAP request came from the subject defined in the SAML token after the service verifies the tokens signature.
+
+ </para>
+ <para>Implementation of this scenario has the following requirements.</para>
+ <itemizedlist>
+ <listitem>
+ <para>SAML tokens with a Bearer subject confirmation method must be protected so the token can not be snooped. In most cases, a bearer token combined with HTTPS is sufficient to prevent "a man in the middle" getting possession of the token. This means a security policy that uses a sp:TransportBinding and sp:HttpsToken.</para>
+ </listitem>
+ <listitem>
+ <para>
+ A bearer token has no encryption or signing keys associated with it, therefore a sp:IssuedToken of bearer keyType should be used with a sp:SupportingToken or a sp:SignedSupportingTokens.
+
+ </para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-WebserviceProvider">
+
+ <title>Web service Provider</title>
+ <para>This section examines the web service elements for the SAML Bearer scenario. The components are</para>
+ <itemizedlist>
+ <listitem>
+ <para>Bearer web service provider's WSDL</para>
+ </listitem>
+ <listitem>
+ <para>SSL configuration</para>
+ </listitem>
+ <listitem>
+ <para>Bearer web service provider's Interface and Implementation classes.</para>
+ </listitem>
+ <listitem>
+ <para>Crypto properties and keystore files</para>
+ </listitem>
+ <listitem>
+ <para>MANIFEST.MF</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-WebserviceproviderWSDL">
+
+ <title>Web service provider WSDL</title>
+ <para>The web service provider is a contract-first endpoint. All the WS-trust and security policies for it are declared in WSDL, BearerService.wsdl. For this scenario a ws-requester is required to present a SAML 2.0 Bearer token issued from a designed STS. The address of the STS is provided in the WSDL. HTTPS, a TransportBinding and HttpsToken policy are used to protect the SOAP body of messages that pass back and forth between ws-requester and ws-provider. A detailed explanation of the security settings are provided in the comments in the listing below.</para>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<definitions targetNamespace="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
+ name="BearerService"
+ xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+
+ <types>
+ <xsd:schema>
+ <xsd:import namespace="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
+ schemaLocation="BearerService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <message name="sayHello">
+ <part name="parameters" element="tns:sayHello"/>
+ </message>
+ <message name="sayHelloResponse">
+ <part name="parameters" element="tns:sayHelloResponse"/>
+ </message>
+ <portType name="BearerIface">
+ <operation name="sayHello">
+ <input message="tns:sayHello"/>
+ <output message="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+
+<!--
+ The wsp:PolicyReference binds the security requirments on all the endpoints.
+ The wsp:Policy wsu:Id="#TransportSAML2BearerPolicy" element is defined later in this file.
+-->
+ <binding name="BearerServicePortBinding" type="tns:BearerIface">
+ <wsp:PolicyReference URI="#TransportSAML2BearerPolicy" />
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
+ <operation name="sayHello">
+ <soap:operation soapAction=""/>
+ <input>
+ <soap:body use="literal"/>
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+
+<!--
+ The soap:address has been defined to use JBoss's https port, 8443. This is
+ set in conjunction with the sp:TransportBinding policy for https.
+-->
+ <service name="BearerService">
+ <port name="BearerServicePort" binding="tns:BearerServicePortBinding">
+ <soap:address location="https://@jboss.bind.address@:8443/jaxws-samples-wsse-policy-trust-bearer/BearerService"/>
+ </port>
+ </service>
+
+
+ <wsp:Policy wsu:Id="TransportSAML2BearerPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <!--
+ The wsam:Addressing element, indicates that the endpoints of this
+ web service MUST conform to the WS-Addressing specification. The
+ attribute wsp:Optional="false" enforces this assertion.
+ -->
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+
+<!--
+ The sp:TransportBinding element indicates that security is provided by the
+ message exchange transport medium, https. WS-Security policy specification
+ defines the sp:HttpsToken for use in exchanging messages transmitted over HTTPS.
+-->
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+<!--
+ The sp:AlgorithmSuite element, requires the TripleDes algorithm suite
+ be used in performing cryptographic operations.
+-->
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+<!--
+ The sp:Layout element, indicates the layout rules to apply when adding
+ items to the security header. The sp:Lax sub-element indicates items
+ are added to the security header in any order that conforms to
+ WSS: SOAP Message Security.
+-->
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+
+<!--
+ The sp:SignedSupportingTokens element causes the supporting tokens
+ to be signed using the primary token that is used to sign the message.
+-->
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+<!--
+ The sp:IssuedToken element asserts that a SAML 2.0 security token of type
+ Bearer is expected from the STS. The
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Al...">
+ attribute instructs the runtime to include the initiator's public key
+ with every message sent to the recipient.
+
+ The sp:RequestSecurityTokenTemplate element directs that all of the
+ children of this element will be copied directly into the body of the
+ RequestSecurityToken (RST) message that is sent to the STS when the
+ initiator asks the STS to issue a token.
+-->
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Al...">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profil...
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</...
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference />
+ </wsp:Policy>
+<!--
+ The sp:Issuer element defines the STS's address and endpoint information
+ This information is used by the STSClient.
+-->
+ <sp:Issuer>
+ <wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata
+ xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService?wsdl">
+ <wsaw:ServiceName
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+<!--
+ The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
+ to be supported by the STS. These particular elements generally refer
+ to how keys are referenced within the SOAP envelope. These are normally
+ handled by CXF.
+-->
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+<!--
+ The sp:Trust13 element declares controls for WS-Trust 1.3 options.
+ They are policy assertions related to exchanges specifically with
+ client and server challenges and entropy behaviors. Again these are
+ normally handled by CXF.
+-->
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</definitions>
+</programlisting>
+ </informalexample>
+ </section>
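Review bot: the scenario text added above requires that a bearer token be protected in transit with HTTPS, yet sp:Issuer in this WSDL gives the STS address as "http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService" and the wsdlLocation on the same plain-HTTP port, so the document should either use an https endpoint for the STS or state what protects the issued token on that leg. The sp:AlgorithmSuite comment presents sp:TripleDes without qualification; since readers copy these policies, say that it is kept for the sample and that a stronger suite defined by WS-SecurityPolicy, such as sp:Basic256, is preferable. Two wording nits in the added prose: "the tokens signature" should be "the token's signature", and "issued from a designed STS" presumably means "designated".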
+ <section id="sid-78906786_SAMLBearerAssertionScenario-SSLconfiguration">
+
+ <title>SSL configuration</title>
+ <para>This web service is using https, therefore the JBoss server must be configured to provide SSL support in the Web subsystem. There are 2 components to SSL configuration.</para>
+ <itemizedlist>
+ <listitem>
+ <para>create a certificate keystore</para>
+ </listitem>
+ <listitem>
+ <para>declare an SSL connector in the Web subsystem of the JBoss server configuration file.</para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ Follow the directions in the, "
+ <emphasis role="italics">Using the pure Java implementation supplied by JSSE</emphasis>
+ " section in the
+ <ulink url="https://docs.jboss.org/author/display/WFLY8/SSL+setup+guide">SSL Setup Guide</ulink>
+ .
+ </para>
+ <para>Here is an example of an SSL connector declaration.</para>
+ <informalexample>
+ <programlisting>
+<subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
+ .....
+ <connector name="jbws-https-connector" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
+ <ssl key-alias="tomcat" password="changeit" certificate-key-file="/myJbossHome/security/test.keystore" verify-client="false"/>
+ </connector>
+ ...
+</programlisting>
+ </informalexample>
+ </section>
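Review bot: the connector example uses the urn:jboss:domain:web:1.4 subsystem, while the paragraph above it links to the WildFly 8 SSL setup guide and the MANIFEST.MF section later in this chapter says the application is deployed on WildFly; WildFly 8 replaced the web subsystem with Undertow, so the example should match the server the text targets or say which server version it applies to. The sample also carries password="changeit" and an absolute keystore path without comment; a sentence saying both are placeholders would keep them from being copied as they stand.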
+ <section id="sid-78906786_SAMLBearerAssertionScenario-WebserviceInterface">
+
+ <title>Web service Interface</title>
+ <para>The web service provider interface class, BearerIface, is a simple straight forward web service definition.</para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+@WebService
+(
+ targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
+)
+public interface BearerIface
+{
+ @WebMethod
+ String sayHello();
+}
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-WebserviceImplementation">
+
+ <title>Web service Implementation</title>
+ <para>
+ The web service provider implementation class, BearerImpl, is a simple POJO. It uses the standard WebService annotation to define the service endpoint. In addition there are two Apache CXF annotations, EndpointProperties and EndpointProperty used for configuring the endpoint for the CXF runtime. These annotations come from the
+ <ulink url="https://ws.apache.org/wss4j/">Apache WSS4J project</ulink>
+ , which provides a Java implementation of the primary WS-Security standards for Web Services. These annotations are programmatically adding properties to the endpoint. With plain Apache CXF, these properties are often set via the <jaxws:properties> element on the <jaxws:endpoint> element in the Spring config; these annotations allow the properties to be configured in the code.
+ </para>
+ <para>WSS4J uses the Crypto interface to get keys and certificates for signature creation/verification, as is asserted by the WSDL for this service. The WSS4J configuration information being provided by BearerImpl is for Crypto's Merlin implementation. More information will be provided about this in the keystore section.</para>
+ <para>Because the web service provider automatically trusts that the incoming SOAP request came from the subject defined in the SAML token there is no need for a Crypto callbackHandler class or a signature username, unlike in prior examples, however in order to verify the message signature, the Java properties file that contains the (Merlin) crypto configuration information is still required.</para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+
+import javax.jws.WebService;
+
+@WebService
+(
+ portName = "BearerServicePort",
+ serviceName = "BearerService",
+ wsdlLocation = "WEB-INF/wsdl/BearerService.wsdl",
+ targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy",
+ endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer.BearerIface"
+)
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.properties", value = "serviceKeystore.properties")
+})
+public class BearerImpl implements BearerIface
+{
+ public String sayHello()
+ {
+ return "Bearer WS-Trust Hello World!";
+ }
+}
+</programlisting>
+ </informalexample>
+ </section>
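Review bot: the added paragraph first calls EndpointProperties and EndpointProperty "two Apache CXF annotations" and then says "These annotations come from the Apache WSS4J project", but the listing imports both from org.apache.cxf.annotations; the second sentence should say that the annotations are CXF's and that the properties they set configure WSS4J. The third paragraph is one long sentence joined by "however"; splitting it after "unlike in prior examples" would make the point about still needing the Merlin properties file easier to find.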
+ <section id="sid-78906786_SAMLBearerAssertionScenario-Cryptopropertiesandkeystorefiles">
+
+ <title>Crypto properties and keystore files</title>
+ <para>WSS4J's Crypto implementation is loaded and configured via a Java properties file that contains Crypto configuration data. The file contains implementation-specific properties such as a keystore location, password, default alias and the like. This application is using the Merlin implementation. File serviceKeystore.properties contains this information.</para>
+ <para>
+ File servicestore.jks, is a Java KeyStore (JKS) repository. It contains self signed certificates for myservicekey and mystskey.
+ <emphasis role="italics">Self signed certificates are not appropriate for production use.</emphasis>
+ </para>
+ <informalexample>
+ <programlisting>
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=sspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
+org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-MANIFEST.MF">
+
+ <title>MANIFEST.MF</title>
+ <para>When deployed on WildFly this application requires access to the JBossWs and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The dependency statement directs the server to provide them at deployment.</para>
+ <informalexample>
+ <programlisting>
+Manifest-Version: 1.0
+Ant-Version: Apache Ant 1.8.2
+Created-By: 1.7.0_25-b15 (Oracle Corporation)
+Dependencies: org.jboss.ws.cxf.jbossws-cxf-client
+</programlisting>
+ </informalexample>
+ </section>
+ </section>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-BearerSecurityTokenService">
+
+ <title>Bearer Security Token Service</title>
+ <para>This section examines the crucial elements in providing the Security Token Service functionality for providing a SAML Bearer token. The components that will be discussed are.</para>
+ <itemizedlist>
+ <listitem>
+ <para>Security Domain</para>
+ </listitem>
+ <listitem>
+ <para>STS's WSDL</para>
+ </listitem>
+ <listitem>
+ <para>STS's implementation class</para>
+ </listitem>
+ <listitem>
+ <para>STSBearerCallbackHandler</para>
+ </listitem>
+ <listitem>
+ <para>Crypto properties and keystore files</para>
+ </listitem>
+ <listitem>
+ <para>
+ MANIFEST.MF
+
+ </para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-SecurityDomain">
+
+ <title>Security Domain</title>
+ <para>The STS requires a JBoss security domain be configured. The jboss-web.xml descriptor declares a named security domain,"JBossWS-trust-sts" to be used by this service for authentication. This security domain requires two properties files and the addition of a security-domain declaration in the JBoss server configuration file.</para>
+ <para>
+ For this scenario the domain needs to contain user
+ <emphasis role="italics">alice</emphasis>
+ , password
+ <emphasis role="italics">clarinet</emphasis>
+ , and role
+ <emphasis role="italics">friend</emphasis>
+ . See the listings below for jbossws-users.properties and jbossws-roles.properties. In addition the following XML must be added to the JBoss security subsystem in the server configuration file. Replace "
+ <emphasis role="strong">SOME_PATH</emphasis>
+ " with appropriate information.
+ </para>
+ <informalexample>
+ <programlisting>
+<security-domain name="JBossWS-trust-sts">
+ <authentication>
+ <login-module code="UsersRoles" flag="required">
+ <module-option name="usersProperties" value="/SOME_PATH/jbossws-users.properties"/>
+ <module-option name="unauthenticatedIdentity" value="anonymous"/>
+ <module-option name="rolesProperties" value="/SOME_PATH/jbossws-roles.properties"/>
+ </login-module>
+ </authentication>
+</security-domain>
+</programlisting>
+ </informalexample>
+ <para>jboss-web.xml</para>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" ">
+<jboss-web>
+ <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>
+</jboss-web>
+</programlisting>
+ </informalexample>
+ <para>jbossws-users.properties</para>
+ <informalexample>
+ <programlisting>
+# A sample users.properties file for use with the UsersRolesLoginModule
+alice=clarinet
+</programlisting>
+ </informalexample>
+ <para>jbossws-roles.properties</para>
+ <informalexample>
+ <programlisting>
+# A sample roles.properties file for use with the UsersRolesLoginModule
+alice=friend
+</programlisting>
+ </informalexample>
+ </section>
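Review bot: the login-module for the STS security domain sets module-option name="unauthenticatedIdentity" value="anonymous", which assigns the identity anonymous to callers that present no credentials; for the domain that authenticates token requests to the STS, the documentation should either drop that option or explain why the sample needs it. The DOCTYPE declaration in the jboss-web.xml listing shows a public identifier followed by a lone quote where the system identifier should be, so the descriptor is not well-formed as printed. The users file stores alice's password in plaintext, which is fine for a test suite but deserves the same "not for production" remark the chapter already gives for self-signed certificates.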
+ <section id="sid-78906786_SAMLBearerAssertionScenario-STS%27sWSDL">
+
+ <title>STS's WSDL</title>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions
+ targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
+
+ <wsdl:types>
+ <xs:schema elementFormDefault="qualified"
+ targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
+
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType'/>
+ <xs:element name='RequestSecurityTokenResponse'
+ type='wst:AbstractRequestSecurityTokenType'/>
+
+ <xs:complexType name='AbstractRequestSecurityTokenType'>
+ <xs:sequence>
+ <xs:any namespace='##any' processContents='lax' minOccurs='0'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ <xs:attribute name='Context' type='xs:anyURI' use='optional'/>
+ <xs:anyAttribute namespace='##other' processContents='lax'/>
+ </xs:complexType>
+ <xs:element name='RequestSecurityTokenCollection'
+ type='wst:RequestSecurityTokenCollectionType'/>
+ <xs:complexType name='RequestSecurityTokenCollectionType'>
+ <xs:sequence>
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType' minOccurs='2'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name='RequestSecurityTokenResponseCollection'
+ type='wst:RequestSecurityTokenResponseCollectionType'/>
+ <xs:complexType name='RequestSecurityTokenResponseCollectionType'>
+ <xs:sequence>
+ <xs:element ref='wst:RequestSecurityTokenResponse' minOccurs='1'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ <xs:anyAttribute namespace='##other' processContents='lax'/>
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:message name="RequestSecurityTokenMsg">
+ <wsdl:part name="request" element="wst:RequestSecurityToken"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseMsg">
+ <wsdl:part name="response"
+ element="wst:RequestSecurityTokenResponse"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenCollectionMsg">
+ <wsdl:part name="requestCollection"
+ element="wst:RequestSecurityTokenCollection"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:part name="responseCollection"
+ element="wst:RequestSecurityTokenResponseCollection"/>
+ </wsdl:message>
+
+ <!-- This portType an example of a Requestor (or other) endpoint that
+ Accepts SOAP-based challenges from a Security Token Service -->
+ <wsdl:portType name="WSSecurityRequestor">
+ <wsdl:operation name="Challenge">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+ <wsdl:output message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <!--
+ The wsdl:portType and data types are XML elements defined by the
+ WS_Trust specification. The wsdl:portType defines the endpoints
+ supported in the STS implementation. This WSDL defines all operations
+ that an STS implementation can support.
+ -->
+ <wsdl:portType name="STS">
+ <wsdl:operation name="Cancel">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Issue">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"
+ message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <wsdl:input message="tns:RequestSecurityTokenCollectionMsg"/>
+ <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an endpoint that accepts
+ Unsolicited RequestSecurityTokenResponse messages -->
+ <wsdl:portType name="SecurityTokenResponseService">
+ <wsdl:operation name="RequestSecurityTokenResponse">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!--
+ The wsp:PolicyReference binds the security requirments on all the STS endpoints.
+ The wsp:Policy wsu:Id="UT_policy" element is later in this file.
+ -->
+ <wsdl:binding name="UT_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#UT_policy"/>
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy"/>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy"/>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy"/>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy"/>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="SecurityTokenService">
+ <wsdl:port name="UT_Port" binding="tns:UT_Binding">
+ <soap:address location="http://localhost:8080/SecurityTokenService/UT"/>
+ </wsdl:port>
+ </wsdl:service>
+
+
+ <wsp:Policy wsu:Id="UT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <!--
+ The sp:UsingAddressing element, indicates that the endpoints of this
+ web service conforms to the WS-Addressing specification. More detail
+ can be found here: [http://www.w3.org/TR/2006/CR-ws-addr-wsdl-20060529]
+ -->
+ <wsap10:UsingAddressing/>
+ <!--
+ The sp:SymmetricBinding element indicates that security is provided
+ at the SOAP layer and any initiator must authenticate itself by providing
+ WSS UsernameToken credentials.
+ -->
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <!--
+ In a symmetric binding, the keys used for encrypting and signing in both
+ directions are derived from a single key, the one specified by the
+ sp:ProtectionToken element. The sp:X509Token sub-element declares this
+ key to be a X.509 certificate and the
+ IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
+ attribute adds the requirement that the token MUST NOT be included in
+ any messages sent between the initiator and the recipient; rather, an
+ external reference to the token should be used. Lastly the WssX509V3Token10
+ sub-element declares that the Username token presented by the initiator
+ should be compliant with Web Services Security UsernameToken Profile
+ 1.0 specification. [ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr... ]
+ -->
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <!--
+ The sp:AlgorithmSuite element, requires the Basic256 algorithm suite
+ be used in performing cryptographic operations.
+ -->
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <!--
+ The sp:Layout element, indicates the layout rules to apply when adding
+ items to the security header. The sp:Lax sub-element indicates items
+ are added to the security header in any order that conforms to
+ WSS: SOAP Message Security.
+ -->
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+
+ <!--
+ The sp:SignedSupportingTokens element declares that the security header
+ of messages must contain a sp:UsernameToken and the token must be signed.
+ The attribute IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Al..."
+ on sp:UsernameToken indicates that the token MUST be included in all
+ messages sent from initiator to the recipient and that the token MUST
+ NOT be included in messages sent from the recipient to the initiator.
+ And finally the element sp:WssUsernameToken10 is a policy assertion
+ indicating the Username token should be as defined in Web Services
+ Security UsernameToken Profile 1.0
+ -->
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Al...">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <!--
+ The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
+ to be supported by the STS. These particular elements generally refer
+ to how keys are referenced within the SOAP envelope. These are normally
+ handled by CXF.
+ -->
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <!--
+ The sp:Trust13 element declares controls for WS-Trust 1.3 options.
+ They are policy assertions related to exchanges specifically with
+ client and server challenges and entropy behaviors. Again these are
+ normally handled by CXF.
+ -->
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</wsdl:definitions>
+</programlisting>
+ </informalexample>
+ </section>
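Review bot: the comment above sp:ProtectionToken in the UT_policy listing says the WssX509V3Token10 sub-element declares that "the Username token presented by the initiator" must follow the UsernameToken Profile 1.0, but that assertion is nested under sp:X509Token and so describes the X.509 token. The UsernameToken requirement is the sp:WssUsernameToken10 assertion under sp:SignedSupportingTokens, which already has its own comment further down. Suggest rewording the ProtectionToken comment to talk about the X.509 token only. Two smaller points in the same listing: the comment before wsap10:UsingAddressing calls the element sp:UsingAddressing, and "requirments" in the comment before UT_Binding should read "requirements".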
+ <section id="sid-78906786_SAMLBearerAssertionScenario-STS%27simplementationclass">
+
+ <title>STS's implementation class</title>
+ <para>
+ The Apache CXF's STS, SecurityTokenServiceProvider, is a web service provider that is compliant with the protocols and functionality defined by the WS-Trust specification. It has a modular architecture. Many of its components are configurable or replaceable and there are many optional features that are enabled by implementing and configuring plug-ins. Users can customize their own STS by extending from SecurityTokenServiceProvider and overriding the default settings. Extensive information about the CXF's STS configurable and pluggable components can be found
+ <ulink url="http://coheigea.blogspot.com/2011/11/apache-cxf-sts-documentation-part-vi...">here</ulink>
+ .
+ </para>
+ <para>This STS implementation class, SampleSTSBearer, is a POJO that extends from SecurityTokenServiceProvider. Note that the class is defined with a WebServiceProvider annotation and not a WebService annotation. This annotation defines the service as a Provider-based endpoint, meaning it supports a more messaging-oriented approach to Web services. In particular, it signals that the exchanged messages will be XML documents of some type. SecurityTokenServiceProvider is an implementation of the javax.xml.ws.Provider interface. In comparison the WebService annotation defines a (service endpoint interface) SEI-based endpoint which supports message exchange via SOAP envelopes.</para>
+ <para>As was done in the BearerImpl class, the WSS4J annotations EndpointProperties and EndpointProperty are providing endpoint configuration for the CXF runtime. The first EndpointProperty statement in the listing is declaring the user's name to use for the message signature. It is used as the alias name in the keystore to get the user's cert and private key for signature. The next two EndpointProperty statements declares the Java properties file that contains the (Merlin) crypto configuration information. In this case both for signing and encrypting the messages. WSS4J reads this file and extra required information for message handling. The last EndpointProperty statement declares the STSBearerCallbackHandler implementation class. It is used to obtain the user's password for the certificates in the keystore file.</para>
+ <para>In this implementation we are customizing the operations of token issuance, token validation and their static properties.</para>
+ <para>StaticSTSProperties is used to set select properties for configuring resources in the STS. You may think this is a duplication of the settings made with the WSS4J annotations. The values are the same but the underlaying structures being set are different, thus this information must be declared in both places.</para>
+ <para>The setIssuer setting is important because it uniquely identifies the issuing STS. The issuer string is embedded in issued tokens and, when validating tokens, the STS checks the issuer string value. Consequently, it is important to use the issuer string in a consistent way, so that the STS can recognize the tokens that it has issued.</para>
+ <para>The setEndpoints call allows the declaration of a set of allowed token recipients by address. The addresses are specified as reg-ex patterns.</para>
+ <para>TokenIssueOperation has a modular structure. This allows custom behaviors to be injected into the processing of messages. In this case we are overriding the SecurityTokenServiceProvider's default behavior and performing SAML token processing. CXF provides an implementation of a SAMLTokenProvider which we are using rather than writing our own.</para>
+ <para>
+ Learn more about the SAMLTokenProvider
+ <ulink url="http://coheigea.blogspot.it/2011/10/apache-cxf-sts-documentation-part-iv....">here</ulink>
+ .
+ </para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsbearer;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.operation.TokenIssueOperation;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
+
+import javax.xml.ws.WebServiceProvider;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+@WebServiceProvider(serviceName = "SecurityTokenService",
+ portName = "UT_Port",
+ targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+ wsdlLocation = "WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl")
+//be sure to have dependency on org.apache.cxf module when on AS7, otherwise Apache CXF annotations are ignored
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsbearer.STSBearerCallbackHandler")
+})
+public class SampleSTSBearer extends SecurityTokenServiceProvider
+{
+
+ public SampleSTSBearer() throws Exception
+ {
+ super();
+
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(STSBearerCallbackHandler.class.getName());
+ props.setEncryptionCryptoProperties("stsKeystore.properties");
+ props.setEncryptionUsername("myservicekey");
+ props.setIssuer("DoubleItSTSIssuer");
+
+ List<ServiceMBean> services = new LinkedList<ServiceMBean>();
+ StaticService service = new StaticService();
+ service.setEndpoints(Arrays.asList(
+ "https://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-bearer/BearerSer...",
+ "https://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-bearer/BearerService",
+ "https://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-bearer/BearerService"
+ ));
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ issueOperation.setServices(services);
+ issueOperation.setStsProperties(props);
+ this.setIssueOperation(issueOperation);
+ }
+}
+</programlisting>
+ </informalexample>
+ </section>
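Review bot: the paragraph describing the annotations on SampleSTSBearer does not match the listing. It says the first EndpointProperty sets the signature user name, "the next two" declare the crypto properties file "both for signing and encrypting", and the last one declares the callback handler, but the listing has only three entries: ws-security.signature.username, ws-security.signature.properties and ws-security.callback-handler. No encryption properties entry is shown, although the constructor does call props.setEncryptionCryptoProperties("stsKeystore.properties"). Either add the missing entry to the listing or reword the paragraph to describe the three entries that are there. In the same block of paragraphs, "statements declares" and "underlaying" need fixing.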
+ <section id="sid-78906786_SAMLBearerAssertionScenario-STSBearerCallbackHandler">
+
+ <title>STSBearerCallbackHandler</title>
+ <para>STSBearerCallbackHandler is a callback handler for the WSS4J Crypto API. It is used to obtain the password for the private key in the keystore. This class enables CXF to retrieve the password of the user name to use for the message signature.</para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsbearer;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class STSBearerCallbackHandler extends PasswordCallbackHandler
+{
+ public STSBearerCallbackHandler()
+ {
+ super(getInitMap());
+ }
+
+ private static Map<String, String> getInitMap()
+ {
+ Map<String, String> passwords = new HashMap<String, String>();
+ passwords.put("mystskey", "stskpass");
+ passwords.put("alice", "clarinet");
+ return passwords;
+ }
+}
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-Cryptopropertiesandkeystorefilesx">
+
+ <title>Crypto properties and keystore files</title>
+ <para>WSS4J's Crypto implementation is loaded and configured via a Java properties file that contains Crypto configuration data. The file contains implementation-specific properties such as a keystore location, password, default alias and the like. This application is using the Merlin implementation. File stsKeystore.properties contains this information.</para>
+ <para>
+ File servicestore.jks, is a Java KeyStore (JKS) repository. It contains self signed certificates for myservicekey and mystskey.
+ <emphasis role="italics">Self signed certificates are not appropriate for production use.</emphasis>
+ </para>
+ <informalexample>
+ <programlisting>
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+</programlisting>
+ </informalexample>
+ </section>
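Review bot: the prose in the STS "Crypto properties and keystore files" section names the keystore servicestore.jks, while the stsKeystore.properties listing directly below it sets org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks. A reader following the text will look for the wrong file, so please make the file name in the paragraph match the listing, or correct the listing if the paragraph is right.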
+ <section id="sid-78906786_SAMLBearerAssertionScenario-MANIFEST.MFx">
+
+ <title>MANIFEST.MF</title>
+ <para>
+ When deployed on WildFly, this application requires access to the JBossWs and CXF APIs provided in modules org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF internals, org.apache.cxf.impl, are needed to build the STS configuration in the
+ <code>SampleSTS</code>
+ constructor. The dependency statement directs the server to provide them at deployment.
+ </para>
+ <informalexample>
+ <programlisting>
+Manifest-Version: 1.0
+Ant-Version: Apache Ant 1.8.2
+Created-By: 1.7.0_25-b15 (Oracle Corporation)
+Dependencies: org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl
+</programlisting>
+ </informalexample>
+ </section>
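Review bot: the MANIFEST.MF paragraph and its listing disagree on the module list. The text says the deployment needs org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf, plus org.apache.cxf.impl for the constructor, but the Dependencies line carries only org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl. The source comment in the SampleSTSBearer listing also warns that the Apache CXF annotations are ignored without a dependency on org.apache.cxf, so either add that module to the listing or explain why org.apache.cxf.impl is enough. The paragraph also refers to the SampleSTS constructor, while the class shown in this scenario is SampleSTSBearer.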
+ </section>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-Webservicerequester">
+
+ <title>Web service requester</title>
+ <para>This section examines the crucial elements in calling a web service that implements endpoint security as described in the SAML Bearer scenario. The components that will be discussed are.</para>
+ <itemizedlist>
+ <listitem>
+ <para>Web service requester's implementation</para>
+ </listitem>
+ <listitem>
+ <para>ClientCallbackHandler</para>
+ </listitem>
+ <listitem>
+ <para>Crypto properties and keystore files</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-WebservicerequesterImplementation">
+
+ <title>Web service requester Implementation</title>
+ <para>The ws-requester, the client, uses standard procedures for creating a reference to the web service. To address the endpoint security requirements, the web service's "Request Context" is configured with the information needed in message generation. In addition, the STSClient that communicates with the STS is configured with similar values. Note the key strings ending with a ".it" suffix. This suffix flags these settings as belonging to the STSClient. The internal CXF code assigns this information to the STSClient that is auto-generated for this service call.</para>
+ <para>There is an alternate method of setting up the STSCLient. The user may provide their own instance of the STSClient. The CXF code will use this object and not auto-generate one. When providing the STSClient in this way, the user must provide a org.apache.cxf.Bus for it and the configuration keys must not have the ".it" suffix. This is used in the ActAs and OnBehalfOf examples.</para>
+ <informalexample>
+ <programlisting>
+ String serviceURL = "https://" + getServerHost() + ":8443/jaxws-samples-wsse-policy-trust-bearer/BearerService";
+
+ final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy", "BearerService");
+ Service service = Service.create(new URL(serviceURL + "?wsdl"), serviceName);
+ BearerIface proxy = (BearerIface) service.getPort(BearerIface.class);
+
+ Map<String, Object> ctx = ((BindingProvider)proxy).getRequestContext();
+
+ // set the security related configuration information for the service "request"
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+
+ //-- Configuration settings that will be transfered to the STSClient
+ // "alice" is the name provided for the WSS Username. Her password will
+ // be retreived from the ClientCallbackHander by the STSClient.
+ ctx.put(SecurityConstants.USERNAME + ".it", "alice");
+ ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
+ ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
+ ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");
+
+ proxy.sayHello();
+
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-ClientCallbackHandler">
+
+ <title>ClientCallbackHandler</title>
+ <para>
+ <ulink url="https://docs.jboss.org/author/display/JBWS/WS-Trust+and+STS#WS-TrustandST..."/>
+ </para>
+ <para>ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It is used to obtain the password for the private key in the keystore. This class enables CXF to retrieve the password of the user name to use for the message signature. Note that "alice" and her password have been provided here. This information is not in the (JKS) keystore but provided in the WildFly security domain. It was declared in file jbossws-users.properties.</para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.ws.security.WSPasswordCallback;
+
+public class ClientCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ } else if ("myservicekey".equals(pc.getIdentifier())) { // rls test added for bearer test
+ pc.setPassword("skpass");
+ break;
+ }
+ }
+ }
+ }
+}
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906786_SAMLBearerAssertionScenario-Cryptopropertiesandkeystorefilesxx">
+
+ <title>Crypto properties and keystore files</title>
+ <para>
+ <ulink url="https://docs.jboss.org/author/display/JBWS/WS-Trust+and+STS#WS-TrustandST..."/>
+ </para>
+ <para>WSS4J's Crypto implementation is loaded and configured via a Java properties file that contains Crypto configuration data. The file contains implementation-specific properties such as a keystore location, password, default alias and the like. This application is using the Merlin implementation. File clientKeystore.properties contains this information.</para>
+ <para>
+ File clientstore.jks, is a Java KeyStore (JKS) repository. It contains self signed certificates for myservicekey and mystskey.
+ <emphasis role="italics">Self signed certificates are not appropriate for production use.</emphasis>
+ </para>
+ <informalexample>
+ <programlisting>
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=META-INF/clientstore.jks
+</programlisting>
+ </informalexample>
+ </section>
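Review bot: in the requester's "Crypto properties and keystore files" section, the sentence about clientstore.jks repeats the STS wording and says it contains certificates for myservicekey and mystskey, but the clientKeystore.properties listing sets keystore.alias=myclientkey and the requester code signs with SIGNATURE_USERNAME "myclientkey". Please state the aliases the client keystore really holds, myclientkey included if it is there. The para that contains only a ulink to a truncated docs.jboss.org anchor, here and at the top of the ClientCallbackHandler section, looks like wiki export residue and can be dropped. In the requester listing and its intro, "STSCLient", "transfered", "retreived" and "ClientCallbackHander" are misspelled.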
+ </section>
+ </section>
+ <section id="sid-78906915">
+
+ <title>SAML Holder-Of-Key Assertion Scenario</title>
+ <para>
+ WS-Trust deals with managing software security tokens. A SAML assertion is a type of security token. In the Holder-Of-Key method, the STS creates a SAML token containing the client's public key and signs the SAML token with its private key. The client includes the SAML token and signs the outgoing soap envelope to the web service with its private key. The web service validates the SOAP message and the SAML token.
+
+ </para>
+ <para>Implementation of this scenario has the following requirements.</para>
+ <itemizedlist>
+ <listitem>
+ <para>SAML tokens with a Holder-Of-Key subject confirmation method must be protected so the token can not be snooped. In most cases, a Holder-Of-Key token combined with HTTPS is sufficient to prevent "a man in the middle" getting possession of the token. This means a security policy that uses a sp:TransportBinding and sp:HttpsToken.</para>
+ </listitem>
+ <listitem>
+ <para>A Holder-Of-Key token has no encryption or signing keys associated with it, therefore a sp:IssuedToken of SymmetricKey or PublicKey keyType should be used with a sp:SignedEndorsingSupportingTokens.</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-WebserviceProvider">
+
+ <title>Web service Provider</title>
+ <para>This section examines the web service elements for the SAML Holder-Of-Key scenario. The components are</para>
+ <itemizedlist>
+ <listitem>
+ <para>Web service provider's WSDL</para>
+ </listitem>
+ <listitem>
+ <para>SSL configuration</para>
+ </listitem>
+ <listitem>
+ <para>Web service provider's Interface and Implementation classes.</para>
+ </listitem>
+ <listitem>
+ <para>Crypto properties and keystore files</para>
+ </listitem>
+ <listitem>
+ <para>MANIFEST.MF</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-WebserviceproviderWSDL">
+
+ <title>Web service provider WSDL</title>
+ <para>The web service provider is a contract-first endpoint. All the WS-trust and security policies for it are declared in the WSDL, HolderOfKeyService.wsdl. For this scenario a ws-requester is required to present a SAML 2.0 token of SymmetricKey keyType, issued from a designed STS. The address of the STS is provided in the WSDL. A transport binding policy is used. The token is declared to be signed and endorsed, sp:SignedEndorsingSupportingTokens. A detailed explanation of the security settings are provided in the comments in the listing below.</para>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<definitions targetNamespace="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
+ name="HolderOfKeyService"
+ xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+
+ <types>
+ <xsd:schema>
+ <xsd:import namespace="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
+ schemaLocation="HolderOfKeyService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <message name="sayHello">
+ <part name="parameters" element="tns:sayHello"/>
+ </message>
+ <message name="sayHelloResponse">
+ <part name="parameters" element="tns:sayHelloResponse"/>
+ </message>
+ <portType name="HolderOfKeyIface">
+ <operation name="sayHello">
+ <input message="tns:sayHello"/>
+ <output message="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+<!--
+ The wsp:PolicyReference binds the security requirments on all the endpoints.
+ The wsp:Policy wsu:Id="#TransportSAML2HolderOfKeyPolicy" element is defined later in this file.
+-->
+ <binding name="HolderOfKeyServicePortBinding" type="tns:HolderOfKeyIface">
+ <wsp:PolicyReference URI="#TransportSAML2HolderOfKeyPolicy" />
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
+ <operation name="sayHello">
+ <soap:operation soapAction=""/>
+ <input>
+ <soap:body use="literal"/>
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+<!--
+ The soap:address has been defined to use JBoss's https port, 8443. This is
+ set in conjunction with the sp:TransportBinding policy for https.
+-->
+ <service name="HolderOfKeyService">
+ <port name="HolderOfKeyServicePort" binding="tns:HolderOfKeyServicePortBinding">
+ <soap:address location="https://@jboss.bind.address@:8443/jaxws-samples-wsse-policy-trust-holderofkey/HolderOfKeyService"/>
+ </port>
+ </service>
+
+
+ <wsp:Policy wsu:Id="TransportSAML2HolderOfKeyPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <!--
+ The wsam:Addressing element, indicates that the endpoints of this
+ web service MUST conform to the WS-Addressing specification. The
+ attribute wsp:Optional="false" enforces this assertion.
+ -->
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+<!--
+ The sp:TransportBinding element indicates that security is provided by the
+ message exchange transport medium, https. WS-Security policy specification
+ defines the sp:HttpsToken for use in exchanging messages transmitted over HTTPS.
+-->
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+<!--
+ The sp:AlgorithmSuite element, requires the TripleDes algorithm suite
+ be used in performing cryptographic operations.
+-->
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+<!--
+ The sp:Layout element, indicates the layout rules to apply when adding
+ items to the security header. The sp:Lax sub-element indicates items
+ are added to the security header in any order that conforms to
+ WSS: SOAP Message Security.
+-->
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+
+<!--
+ The sp:SignedEndorsingSupportingTokens, when transport level security level is
+ used there will be no message signature and the signature generated by the
+ supporting token will sign the Timestamp.
+-->
+ <sp:SignedEndorsingSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+<!--
+ The sp:IssuedToken element asserts that a SAML 2.0 security token of type
+ Bearer is expected from the STS. The
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Al...">
+ attribute instructs the runtime to include the initiator's public key
+ with every message sent to the recipient.
+
+ The sp:RequestSecurityTokenTemplate element directs that all of the
+ children of this element will be copied directly into the body of the
+ RequestSecurityToken (RST) message that is sent to the STS when the
+ initiator asks the STS to issue a token.
+-->
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Al...">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profil...
+ <!--
+ KeyType of "SymmetricKey", the client must prove to the WS service that it
+ possesses a particular symmetric session key.
+ -->
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKe...
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference />
+ </wsp:Policy>
+<!--
+ The sp:Issuer element defines the STS's address and endpoint information
+ This information is used by the STSClient.
+-->
+ <sp:Issuer>
+ <wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-holderofkey/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata
+ xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-holderofkey/SecurityTokenService?wsdl">
+ <wsaw:ServiceName
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+<!--
+ The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
+ to be supported by the STS. These particular elements generally refer
+ to how keys are referenced within the SOAP envelope. These are normally
+ handled by CXF.
+-->
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+<!--
+ The sp:Trust13 element declares controls for WS-Trust 1.3 options.
+ They are policy assertions related to exchanges specifically with
+ client and server challenges and entropy behaviors. Again these are
+ normally handled by CXF.
+-->
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</definitions>
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-SSLconfiguration">
+
+ <title>SSL configuration</title>
+ <para>
+ <ulink url="https://docs.jboss.org/author/display/JBWS/WS-Trust+and+STS#WS-TrustandST..."/>
+ </para>
+ <para>This web service is using https, therefore the JBoss server must be configured to provide SSL support in the Web subsystem. There are 2 components to SSL configuration.</para>
+ <itemizedlist>
+ <listitem>
+ <para>create a certificate keystore</para>
+ </listitem>
+ <listitem>
+ <para>declare an SSL connector in the Web subsystem of the JBoss server configuration file.</para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ Follow the directions in the, "
+ <emphasis role="italics">Using the pure Java implementation supplied by JSSE</emphasis>
+ " section in the [SSL Setup Guide|../../../../../../../../../../display/WFLY8/SSL+setup+guide||\||].
+ </para>
+ <para>Here is an example of an SSL connector declaration.</para>
+ <informalexample>
+ <programlisting>
+<subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
+.....
+ <connector name="jbws-https-connector" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
+ <ssl key-alias="tomcat" password="changeit" certificate-key-file="/myJbossHome/security/test.keystore" verify-client="false"/>
+ </connector>
+...
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-WebserviceInterface">
+
+ <title>Web service Interface</title>
+ <para>The web service provider interface class, HolderOfKeyIface, is a simple straight forward web service definition.</para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.holderofkey;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+@WebService
+(
+ targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
+)
+public interface HolderOfKeyIface {
+ @WebMethod
+ String sayHello();
+}
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-WebserviceImplementation">
+
+ <title>Web service Implementation</title>
+ <para>
+ The web service provider implementation class, HolderOfKeyImpl, is a simple POJO. It uses the standard WebService annotation to define the service endpoint. In addition there are two Apache CXF annotations, EndpointProperties and EndpointProperty used for configuring the endpoint for the CXF runtime. These annotations come from the
+ <ulink url="https://ws.apache.org/wss4j/">Apache WSS4J project</ulink>
+ , which provides a Java implementation of the primary WS-Security standards for Web Services. These annotations are programmatically adding properties to the endpoint. With plain Apache CXF, these properties are often set via the <jaxws:properties> element on the <jaxws:endpoint> element in the Spring config; these annotations allow the properties to be configured in the code.
+ </para>
+ <para>WSS4J uses the Crypto interface to get keys and certificates for signature creation/verification, as is asserted by the WSDL for this service. The WSS4J configuration information being provided by HolderOfKeyImpl is for Crypto's Merlin implementation. More information will be provided about this in the keystore section.</para>
+ <para>The first EndpointProperty statement in the listing disables ensurance of compliance with the Basic Security Profile 1.1. The next EndpointProperty statements declares the Java properties file that contains the (Merlin) crypto configuration information. The last EndpointProperty statement declares the STSHolderOfKeyCallbackHandler implementation class. It is used to obtain the user's password for the certificates in the keystore file.</para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.holderofkey;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+
+import javax.jws.WebService;
+
+@WebService
+ (
+ portName = "HolderOfKeyServicePort",
+ serviceName = "HolderOfKeyService",
+ wsdlLocation = "WEB-INF/wsdl/HolderOfKeyService.wsdl",
+ targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy",
+ endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.holderofkey.HolderOfKeyIface"
+ )
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.is-bsp-compliant", value = "false"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "serviceKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.holderofkey.HolderOfKeyCallbackHandler")
+})
+public class HolderOfKeyImpl implements HolderOfKeyIface
+{
+ public String sayHello()
+ {
+ return "Holder-Of-Key WS-Trust Hello World!";
+ }
+}
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-Cryptopropertiesandkeystorefiles">
+
+ <title>Crypto properties and keystore files</title>
+ <para>WSS4J's Crypto implementation is loaded and configured via a Java properties file that contains Crypto configuration data. The file contains implementation-specific properties such as a keystore location, password, default alias and the like. This application is using the Merlin implementation. File serviceKeystore.properties contains this information.</para>
+ <para>
+ File servicestore.jks, is a Java KeyStore (JKS) repository. It contains self signed certificates for myservicekey and mystskey.
+ <emphasis role="italics">Self signed certificates are not appropriate for production use.</emphasis>
+ </para>
+ <informalexample>
+ <programlisting>
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=sspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
+org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-MANIFEST.MF">
+
+ <title>MANIFEST.MF</title>
+ <para>
+ <ulink url="https://docs.jboss.org/author/display/JBWS/WS-Trust+and+STS#WS-TrustandST..."/>
+ </para>
+ <para>When deployed on WildFly this application requires access to the JBossWs and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The dependency statement directs the server to provide them at deployment.</para>
+ <informalexample>
+ <programlisting>
+Manifest-Version:1.0
+Ant-Version: Apache Ant1.8.2
+Created-By:1.7.0_25-b15 (Oracle Corporation)
+Dependencies: org.jboss.ws.cxf.jbossws-cxf-client
+</programlisting>
+ </informalexample>
+ </section>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-SecurityTokenService">
+
+ <title>Security Token Service</title>
+ <para>This section examines the crucial elements in providing the Security Token Service functionality for providing a SAML Holder-Of-Key token. The components that will be discussed are.</para>
+ <itemizedlist>
+ <listitem>
+ <para>Security Domain</para>
+ </listitem>
+ <listitem>
+ <para>STS's WSDL</para>
+ </listitem>
+ <listitem>
+ <para>STS's implementation class</para>
+ </listitem>
+ <listitem>
+ <para>STSBearerCallbackHandler</para>
+ </listitem>
+ <listitem>
+ <para>Crypto properties and keystore files</para>
+ </listitem>
+ <listitem>
+ <para>MANIFEST.MF</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-SecurityDomain">
+
+ <title>Security Domain</title>
+ <para>The STS requires a JBoss security domain be configured. The jboss-web.xml descriptor declares a named security domain,"JBossWS-trust-sts" to be used by this service for authentication. This security domain requires two properties files and the addition of a security-domain declaration in the JBoss server configuration file.</para>
+ <para>
+ For this scenario the domain needs to contain user
+ <emphasis role="italics">alice</emphasis>
+ , password
+ <emphasis role="italics">clarinet</emphasis>
+ , and role
+ <emphasis role="italics">friend</emphasis>
+ . See the listings below for jbossws-users.properties and jbossws-roles.properties. In addition the following XML must be added to the JBoss security subsystem in the server configuration file. Replace "
+ <emphasis role="strong">SOME_PATH</emphasis>
+ " with appropriate information.
+ </para>
+ <informalexample>
+ <programlisting>
+<security-domain name="JBossWS-trust-sts">
+ <authentication>
+ <login-module code="UsersRoles" flag="required">
+ <module-option name="usersProperties" value="/SOME_PATH/jbossws-users.properties"/>
+ <module-option name="unauthenticatedIdentity" value="anonymous"/>
+ <module-option name="rolesProperties" value="/SOME_PATH/jbossws-roles.properties"/>
+ </login-module>
+ </authentication>
+</security-domain>
+</programlisting>
+ </informalexample>
+ <para>jboss-web.xml</para>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE jboss-web PUBLIC"-//JBoss//DTD Web Application 2.4//EN" ">
+<jboss-web>
+ <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>
+</jboss-web>
+</programlisting>
+ </informalexample>
+ <informaltable>
+ <tgroup cols="1">
+ <tbody>
+ <row>
+ <entry>
+ <para>
+
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>jbossws-users.properties</para>
+ <informalexample>
+ <programlisting>
+# A sample users.properties filefor use with the UsersRolesLoginModule
+alice=clarinet
+</programlisting>
+ </informalexample>
+ <informaltable>
+ <tgroup cols="1">
+ <tbody>
+ <row>
+ <entry>
+ <para> </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>jbossws-roles.properties</para>
+ <informalexample>
+ <programlisting>
+# A sample roles.properties filefor use with the UsersRolesLoginModule
+alice=friend
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-STS%27sWSDL">
+
+ <title>STS's WSDL</title>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions
+ targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
+
+ <wsdl:types>
+ <xs:schema elementFormDefault="qualified"
+ targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
+
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType'/>
+ <xs:element name='RequestSecurityTokenResponse'
+ type='wst:AbstractRequestSecurityTokenType'/>
+
+ <xs:complexType name='AbstractRequestSecurityTokenType'>
+ <xs:sequence>
+ <xs:any namespace='##any' processContents='lax' minOccurs='0'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ <xs:attribute name='Context' type='xs:anyURI' use='optional'/>
+ <xs:anyAttribute namespace='##other' processContents='lax'/>
+ </xs:complexType>
+ <xs:element name='RequestSecurityTokenCollection'
+ type='wst:RequestSecurityTokenCollectionType'/>
+ <xs:complexType name='RequestSecurityTokenCollectionType'>
+ <xs:sequence>
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType' minOccurs='2'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name='RequestSecurityTokenResponseCollection'
+ type='wst:RequestSecurityTokenResponseCollectionType'/>
+ <xs:complexType name='RequestSecurityTokenResponseCollectionType'>
+ <xs:sequence>
+ <xs:element ref='wst:RequestSecurityTokenResponse' minOccurs='1'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ <xs:anyAttribute namespace='##other' processContents='lax'/>
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:message name="RequestSecurityTokenMsg">
+ <wsdl:part name="request" element="wst:RequestSecurityToken"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseMsg">
+ <wsdl:part name="response"
+ element="wst:RequestSecurityTokenResponse"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenCollectionMsg">
+ <wsdl:part name="requestCollection"
+ element="wst:RequestSecurityTokenCollection"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:part name="responseCollection"
+ element="wst:RequestSecurityTokenResponseCollection"/>
+ </wsdl:message>
+
+ <!-- This portType an example of a Requestor (or other) endpoint that
+ Accepts SOAP-based challenges from a Security Token Service -->
+ <wsdl:portType name="WSSecurityRequestor">
+ <wsdl:operation name="Challenge">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+ <wsdl:output message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <wsdl:portType name="STS">
+ <wsdl:operation name="Cancel">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Issue">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"
+ message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <wsdl:input message="tns:RequestSecurityTokenCollectionMsg"/>
+ <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an endpoint that accepts
+ Unsolicited RequestSecurityTokenResponse messages -->
+ <wsdl:portType name="SecurityTokenResponseService">
+ <wsdl:operation name="RequestSecurityTokenResponse">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <wsdl:binding name="UT_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#UT_policy"/>
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy"/>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy"/>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy"/>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy"/>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="SecurityTokenService">
+ <wsdl:port name="UT_Port" binding="tns:UT_Binding">
+ <soap:address location="http://localhost:8080/SecurityTokenService/UT"/>
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy wsu:Id="UT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing/>
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Al...">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</wsdl:definitions>
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-STS%27simplementationclass">
+
+ <title>STS's implementation class</title>
+ <para>
+ The Apache CXF's STS, SecurityTokenServiceProvider, is a web service provider that is compliant with the protocols and functionality defined by the WS-Trust specification. It has a modular architecture. Many of its components are configurable or replaceable and there are many optional features that are enabled by implementing and configuring plug-ins. Users can customize their own STS by extending from SecurityTokenServiceProvider and overriding the default settings. Extensive information about the CXF's STS configurable and pluggable components can be found
+ <ulink url="http://coheigea.blogspot.com/2011/11/apache-cxf-sts-documentation-part-vi...">here</ulink>
+ .
+ </para>
+ <para>This STS implementation class, SampleSTSHolderOfKey, is a POJO that extends from SecurityTokenServiceProvider. Note that the class is defined with a WebServiceProvider annotation and not a WebService annotation. This annotation defines the service as a Provider-based endpoint, meaning it supports a more messaging-oriented approach to Web services. In particular, it signals that the exchanged messages will be XML documents of some type. SecurityTokenServiceProvider is an implementation of the javax.xml.ws.Provider interface. In comparison the WebService annotation defines a (service endpoint interface) SEI-based endpoint which supports message exchange via SOAP envelopes.</para>
+ <para>As was done in the HolderOfKeyImpl class, the WSS4J annotations EndpointProperties and EndpointProperty are providing endpoint configuration for the CXF runtime. The first EndpointProperty statements declares the Java properties file that contains the (Merlin) crypto configuration information. WSS4J reads this file and extra required information for message handling. The last EndpointProperty statement declares the STSHolderOfKeyCallbackHandler implementation class. It is used to obtain the user's password for the certificates in the keystore file.</para>
+ <para>In this implementation we are customizing the operations of token issuance and their static properties.</para>
+ <para>StaticSTSProperties is used to set select properties for configuring resources in the STS. You may think this is a duplication of the settings made with the WSS4J annotations. The values are the same but the underlaying structures being set are different, thus this information must be declared in both places.</para>
+ <para>The setIssuer setting is important because it uniquely identifies the issuing STS. The issuer string is embedded in issued tokens and, when validating tokens, the STS checks the issuer string value. Consequently, it is important to use the issuer string in a consistent way, so that the STS can recognize the tokens that it has issued.</para>
+ <para>The setEndpoints call allows the declaration of a set of allowed token recipients by address. The addresses are specified as reg-ex patterns.</para>
+ <para>TokenIssueOperation has a modular structure. This allows custom behaviors to be injected into the processing of messages. In this case we are overriding the SecurityTokenServiceProvider's default behavior and performing SAML token processing. CXF provides an implementation of a SAMLTokenProvider which we are using rather than writing our own.</para>
+ <para>
+ Learn more about the SAMLTokenProvider
+ <ulink url="http://coheigea.blogspot.it/2011/10/apache-cxf-sts-documentation-part-iv....">here</ulink>
+ .
+ </para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsholderofkey;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.operation.TokenIssueOperation;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
+
+import javax.xml.ws.WebServiceProvider;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * User: rsearls
+ * Date: 3/14/14
+ */
+@WebServiceProvider(serviceName = "SecurityTokenService",
+ portName = "UT_Port",
+ targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+ wsdlLocation = "WEB-INF/wsdl/holderofkey-ws-trust-1.4-service.wsdl")
+//be sure to have dependency on org.apache.cxf module when on AS7, otherwise Apache CXF annotations are ignored
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsholderofkey.STSHolderOfKeyCallbackHandler")
+})
+public class SampleSTSHolderOfKey extends SecurityTokenServiceProvider
+{
+
+ public SampleSTSHolderOfKey() throws Exception
+ {
+ super();
+
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(STSHolderOfKeyCallbackHandler.class.getName());
+ props.setEncryptionCryptoProperties("stsKeystore.properties");
+ props.setEncryptionUsername("myservicekey");
+ props.setIssuer("DoubleItSTSIssuer");
+
+ List<ServiceMBean> services = new LinkedList<ServiceMBean>();
+ StaticService service = new StaticService();
+ service.setEndpoints(Arrays.asList(
+ "https://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-holderofkey/Hold...",
+ "https://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-holderofkey/HolderOfKeyService",
+ "https://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-holderofkey/HolderOfKeyService"
+ ));
+
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ issueOperation.setServices(services);
+ issueOperation.setStsProperties(props);
+ this.setIssueOperation(issueOperation);
+
+ }
+}
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-HolderOfKeyCallbackHandler">
+
+ <title>HolderOfKeyCallbackHandler</title>
+ <para>STSHolderOfKeyCallbackHandler is a callback handler for the WSS4J Crypto API. It is used to obtain the password for the private key in the keystore. This class enables CXF to retrieve the password of the user name to use for the message signature.</para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsholderofkey;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * User: rsearls
+ * Date: 3/19/14
+ */
+public class STSHolderOfKeyCallbackHandler extends PasswordCallbackHandler
+{
+ public STSHolderOfKeyCallbackHandler()
+ {
+ super(getInitMap());
+ }
+
+ private static Map<String, String> getInitMap()
+ {
+ Map<String, String> passwords = new HashMap<String, String>();
+ passwords.put("mystskey", "stskpass");
+ passwords.put("alice", "clarinet");
+ return passwords;
+ }
+}
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-Cryptopropertiesandkeystorefilesx">
+
+ <title>Crypto properties and keystore files</title>
+ <para>WSS4J's Crypto implementation is loaded and configured via a Java properties file that contains Crypto configuration data. The file contains implementation-specific properties such as a keystore location, password, default alias and the like. This application is using the Merlin implementation. File stsKeystore.properties contains this information.</para>
+ <para>
+ File servicestore.jks, is a Java KeyStore (JKS) repository. It contains self signed certificates for myservicekey and mystskey.
+ <emphasis role="italics">Self signed certificates are not appropriate for production use.</emphasis>
+ </para>
+ <informalexample>
+ <programlisting>
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-MANIFEST.MFx">
+
+ <title>MANIFEST.MF</title>
+ <para>When deployed on WildFly, this application requires access to the JBossWs and CXF APIs provided in modules org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF internals, org.apache.cxf.impl, are needed to build the STS configuration in the SampleSTSHolderOfKey constructor. The dependency statement directs the server to provide them at deployment.</para>
+ <informalexample>
+ <programlisting>
+Manifest-Version:1.0
+Ant-Version: Apache Ant1.8.2
+Created-By:1.7.0_25-b15 (Oracle Corporation)
+Dependencies: org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl
+</programlisting>
+ </informalexample>
+ </section>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-Webservicerequester">
+
+ <title>Web service requester</title>
+ <para>This section examines the crucial elements in calling a web service that implements endpoint security as described in the SAML Holder-Of-Key scenario. The components that will be discussed are.</para>
+ <itemizedlist>
+ <listitem>
+ <para>web service requester's implementation</para>
+ </listitem>
+ <listitem>
+ <para>ClientCallbackHandler</para>
+ </listitem>
+ <listitem>
+ <para>Crypto properties and keystore files</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-WebservicerequesterImplementation">
+
+ <title>Web service requester Implementation</title>
+ <para>The ws-requester, the client, uses standard procedures for creating a reference to the web service. To address the endpoint security requirements, the web service's "Request Context" is configured with the information needed in message generation. In addition, the STSClient that communicates with the STS is configured with similar values. Note the key strings ending with a ".it" suffix. This suffix flags these settings as belonging to the STSClient. The internal CXF code assigns this information to the STSClient that is auto-generated for this service call.</para>
+ <para>There is an alternate method of setting up the STSCLient. The user may provide their own instance of the STSClient. The CXF code will use this object and not auto-generate one. When providing the STSClient in this way, the user must provide a org.apache.cxf.Bus for it and the configuration keys must not have the ".it" suffix. This is used in the ActAs and OnBehalfOf examples.</para>
+ <informalexample>
+ <programlisting>
+String serviceURL = "https://" + getServerHost() + ":8443/jaxws-samples-wsse-policy-trust-holderofkey/HolderOfKeyService";
+
+final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy", "HolderOfKeyService");
+final URL wsdlURL = new URL(serviceURL + "?wsdl");
+Service service = Service.create(wsdlURL, serviceName);
+HolderOfKeyIface proxy = (HolderOfKeyIface) service.getPort(HolderOfKeyIface.class);
+
+Map<String, Object> ctx = ((BindingProvider)proxy).getRequestContext();
+
+// set the security related configuration information for the service "request"
+ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+
+//-- Configuration settings that will be transfered to the STSClient
+// "alice" is the name provided for the WSS Username. Her password will
+// be retreived from the ClientCallbackHander by the STSClient.
+ctx.put(SecurityConstants.USERNAME + ".it", "alice");
+ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
+ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
+ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
+ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");
+
+proxy.sayHello();
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-ClientCallbackHandler">
+
+ <title>ClientCallbackHandler</title>
+ <para>ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It is used to obtain the password for the private key in the keystore. This class enables CXF to retrieve the password of the user name to use for the message signature. Note that "alice" and her password have been provided here. This information is not in the (JKS) keystore but provided in the WildFly security domain. It was declared in file jbossws-users.properties.</para>
+ <informalexample>
+ <programlisting>
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.ws.security.WSPasswordCallback;
+
+public class ClientCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ } else if ("myservicekey".equals(pc.getIdentifier())) { // rls test added for bearer test
+ pc.setPassword("skpass");
+ break;
+ }
+ }
+ }
+ }
+}
+</programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-78906915_SAMLHolder-Of-KeyAssertionScenario-Cryptopropertiesandkeystorefilesxx">
+
+ <title>Crypto properties and keystore files</title>
+ <para>WSS4J's Crypto implementation is loaded and configured via a Java properties file that contains Crypto configuration data. The file contains implementation-specific properties such as a keystore location, password, default alias and the like. This application is using the Merlin implementation. File clientKeystore.properties contains this information.</para>
+ <para>
+ File clientstore.jks, is a Java KeyStore (JKS) repository. It contains self signed certificates for myservicekey and mystskey.
+ <emphasis role="italics">Self signed certificates are not appropriate for production use.</emphasis>
+ </para>
+ <informalexample>
+ <programlisting>
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=META-INF/clientstore.jks
+</programlisting>
+ </informalexample>
+ </section>
+ </section>
+ </section>
</section>
<section id="sid-3866797">
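Review bot: In the STS-side "Crypto properties and keystore files" section the prose names the keystore servicestore.jks, but the stsKeystore.properties listing directly below it sets org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks; the two need to agree so a reader knows which file to package. The requester-side copy of that section says clientstore.jks contains certificates for myservicekey and mystskey but does not mention myclientkey, which the client sets as SIGNATURE_USERNAME and which clientKeystore.properties declares as keystore.alias. The MANIFEST.MF paragraph says the application needs org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf, yet the Dependencies line lists org.apache.cxf.impl and not org.apache.cxf; please state whether org.apache.cxf.impl alone is sufficient. Both callback handlers and both properties files carry key and keystore passwords inline, and ClientCallbackHandler also returns the password for myservicekey; a sentence marking these as test-only values would fit next to the existing self-signed certificate caveat. Minor wording in the SampleSTSHolderOfKey paragraphs: "reads this file and extra required information" and "underlaying".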
@@ -5725,95 +8348,116 @@
<section id="sid-3866797_WS-ReliableMessaging-Additionalconfiguration">
<title>Additional configuration</title>
- <para>
- Fine-grained tuning of WS-Reliable Messaging engine requires setting up proper RM features in the
- <code>Bus</code>
- using a Spring XML descriptor; here is an example:
- </para>
+ <para>Fine-grained tuning of WS-Reliable Messaging engine requires setting up proper RM features and attach them for instance to the client proxy. Here is an example:</para>
<informalexample>
<programlisting>
-<beans
- xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:cxf="http://cxf.apache.org/core"
- xmlns:wsa="http://cxf.apache.org/ws/addressing"
- xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:wsrm-policy="http://schemas.xmlsoap.org/ws/2005/02/rm/policy"
- xmlns:wsrm-mgr="http://cxf.apache.org/ws/rm/manager"
- xsi:schemaLocation="
- http://cxf.apache.org/core
- http://cxf.apache.org/schemas/core.xsd
- http://cxf.apache.org/transports/http/configuration
- http://cxf.apache.org/schemas/configuration/http-conf.xsd
- http://schemas.xmlsoap.org/ws/2005/02/rm/policy
- http://schemas.xmlsoap.org/ws/2005/02/rm/wsrm-policy.xsd
- http://cxf.apache.org/ws/rm/manager
- http://cxf.apache.org/schemas/configuration/wsrm-manager.xsd
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans.xsd">
+package org.jboss.test.ws.jaxws.samples.wsrm.client;
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- <wsa:addressing/>
- <wsrm-mgr:reliableMessaging>
- <wsrm-policy:RMAssertion>
- <wsrm-policy:BaseRetransmissionInterval Milliseconds="4000"/>
- <wsrm-policy:AcknowledgementInterval Milliseconds="2000"/>
- </wsrm-policy:RMAssertion>
- <wsrm-mgr:destinationPolicy>
- <wsrm-mgr:acksPolicy intraMessageThreshold="0" />
- </wsrm-mgr:destinationPolicy>
- </wsrm-mgr:reliableMessaging>
- </cxf:features>
- </cxf:bus>
-</beans
+//...
+import javax.xml.ws.Service;
+import org.apache.cxf.ws.rm.feature.RMFeature;
+import org.apache.cxf.ws.rm.manager.AcksPolicyType;
+import org.apache.cxf.ws.rm.manager.DestinationPolicyType;
+import org.apache.cxf.ws.rmp.v200502.RMAssertion;
+import org.apache.cxf.ws.rmp.v200502.RMAssertion.AcknowledgementInterval;
+import org.jboss.test.ws.jaxws.samples.wsrm.generated.SimpleService;
+
+//...
+Service service = Service.create(wsdlURL, serviceName);
+
+RMFeature feature = new RMFeature();
+RMAssertion rma = new RMAssertion();
+RMAssertion.BaseRetransmissionInterval bri = new RMAssertion.BaseRetransmissionInterval();
+bri.setMilliseconds(4000L);
+rma.setBaseRetransmissionInterval(bri);
+AcknowledgementInterval ai = new AcknowledgementInterval();
+ai.setMilliseconds(2000L);
+rma.setAcknowledgementInterval(ai);
+feature.setRMAssertion(rma);
+DestinationPolicyType dp = new DestinationPolicyType();
+AcksPolicyType ap = new AcksPolicyType();
+ap.setIntraMessageThreshold(0);
+dp.setAcksPolicy(ap);
+feature.setDestinationPolicy(dp);
+
+SimpleService proxy = (SimpleService)service.getPort(SimpleService.class, feature);
+proxy.echo("Hello World");
</programlisting>
</informalexample>
- <para>The client needs to pick up the bus configuration such as below:</para>
+ <para>
+ The same can of course be achieved by factoring the feature into a custom pojo extending
+ <code>org.apache.cxf.ws.rm.feature.RMFeature</code>
+ and setting the obtained property in a client configuration:
+ </para>
<informalexample>
<programlisting>
package org.jboss.test.ws.jaxws.samples.wsrm.client;
-import java.net.URL;
-import java.io.File;
-import javax.xml.namespace.QName;
-import javax.xml.ws.Service;
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory;
-import org.jboss.test.ws.jaxws.samples.wsrm.generated.SimpleService;
+import org.apache.cxf.ws.rm.feature.RMFeature;
+import org.apache.cxf.ws.rm.manager.AcksPolicyType;
+import org.apache.cxf.ws.rm.manager.DestinationPolicyType;
+import org.apache.cxf.ws.rmp.v200502.RMAssertion;
+import org.apache.cxf.ws.rmp.v200502.RMAssertion.AcknowledgementInterval;
-public final class SimpleServiceTestCase
+public class CustomRMFeature extends RMFeature
{
- private static final String serviceURL = "http://localhost:8080/jaxws-samples-wsrm/SimpleService";
+ public CustomRMFeature() {
+ super();
+ RMAssertion rma = new RMAssertion();
+ RMAssertion.BaseRetransmissionInterval bri = new RMAssertion.BaseRetransmissionInterval();
+ bri.setMilliseconds(4000L);
+ rma.setBaseRetransmissionInterval(bri);
+ AcknowledgementInterval ai = new AcknowledgementInterval();
+ ai.setMilliseconds(2000L);
+ rma.setAcknowledgementInterval(ai);
+ super.setRMAssertion(rma);
+ DestinationPolicyType dp = new DestinationPolicyType();
+ AcksPolicyType ap = new AcksPolicyType();
+ ap.setIntraMessageThreshold(0);
+ dp.setAcksPolicy(ap);
+ super.setDestinationPolicy(dp);
+ }
+}
+</programlisting>
+ </informalexample>
+ <para>
+ ... this is how the
+ <code>jaxws-client-config.xml</code>
+ descriptor would look:
+ </para>
+ <informalexample>
+ <programlisting>
+<?xml version="1.0" encoding="UTF-8"?>
- public static void main(String[] args) throws Exception
- {
- URL cxfConfig = new File("resources/jaxws/samples/wsrm/cxf.xml").toURL();
- Bus bus = new JBossWSBusFactory().createBus(cxfConfig);
- try
- {
- BusFactory.setThreadDefaultBus(bus);
+<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
+ xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
- // create service
- QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wsrm", "SimpleService");
- URL wsdlURL = new URL(serviceURL + "?wsdl");
- Service service = Service.create(wsdlURL, serviceName);
- SimpleService proxy = (SimpleService)service.getPort(SimpleService.class);
+ <client-config>
+ <config-name>Custom Client Config</config-name>
+ <property>
+ <property-name>cxf.features</property-name>
+ <property-value>org.jboss.test.ws.jaxws.samples.wsrm.client.CustomRMFeature</property-value>
+ </property>
+ </client-config>
- // invoke methods
- proxy.echo("Hello World!");
- }
- finally
- {
- // shutdown bus
- bus.shutdown(true);
- }
- }
-}
+</jaxws-config>
</programlisting>
</informalexample>
+ <para>... and this is how the client would set the configuration:</para>
+ <informalexample>
+ <programlisting>
+import org.jboss.ws.api.configuration.ClientConfigUtil;
+import org.jboss.ws.api.configuration.ClientConfigurer;
+
+//...
+Service service = Service.create(wsdlURL, serviceName);
+SimpleService proxy = (SimpleService)service.getPort(SimpleService.class);
+
+ClientConfigurer configurer = ClientConfigUtil.resolveClientConfigurer();
+configurer.setConfigProperties(proxy, "META-INF/jaxws-client-config.xml", "Custom Client Config");
+proxy.echo("Hello World!");
+</programlisting>
+ </informalexample>
</section>
</section>
</section>
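Review bot: The new opening paragraph of "Additional configuration" reads "requires setting up proper RM features and attach them for instance to the client proxy"; the verb forms do not agree, so it should be "attaching them, for instance, to the client proxy". In the paragraph that introduces CustomRMFeature, "setting the obtained property in a client configuration" does not say which property is meant; naming cxf.features there, as the jaxws-client-config.xml listing does, would make it clear. The two Java listings repeat the same RMAssertion and DestinationPolicyType setup line for line and mix the qualified RMAssertion.BaseRetransmissionInterval with an imported AcknowledgementInterval; using one style in both would read better.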
@@ -5840,7 +8484,7 @@
<emphasis role="italics">HTTP</emphasis>
WS endpoints (in
<emphasis role="italics">war</emphasis>
- archives). The webservices layer of JBoss Application Server takes care of looking for
+ archives). The webservices layer of WildFly takes care of looking for
<emphasis role="italics">JMS</emphasis>
enpdoints in the deployed archive and starts them delegating to the Apache CXF core similarly as with
<emphasis role="italics">HTTP</emphasis>
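Review bot: The context line two lines below the changed "archives). The webservices layer of WildFly takes care of looking for" still reads "enpdoints in the deployed archive"; since this sentence is already being edited for the WildFly rename, correct it to "endpoints" in the same change.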
@@ -5932,18 +8576,6 @@
archives doesn't need any entry for JMS endpoints.
</para>
</note>
- <note>
- <para>
- At the time of writing, the Apache CXF support for JMS transport requires
- <emphasis role="italics">Spring</emphasis>
- libraries to be available at runtime.
- </para>
- <para>
- Please make sure
- <emphasis role="italics">Spring</emphasis>
- is properly installed on the application server, perhaps using the JBossWS installation option for it.
- </para>
- </note>
</section>
<section id="sid-3866801_SOAPoverJMS-Examples">
@@ -6032,13 +8664,13 @@
<emphasis role="italics">HelloWorldImplPort</emphasis>
here is meant for using the
<emphasis role="italics">testQueue</emphasis>
- that's available by default on JBoss Application Server 7
+ that has to be created before deploying the endpoint.
</para>
</important>
<para>
At the time of writing,
<emphasis role="italics">java:/ConnectionFactory</emphasis>
- is the default connection factory JNDI location on JBoss Application Server 7
+ is the default connection factory JNDI location.
</para>
<para>
For allowing remote JNDI lookup of the connection factory, a specific service (
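Review bot: After the edit, the sentence "At the time of writing, java:/ConnectionFactory is the default connection factory JNDI location." no longer says where this is the default; "on JBoss Application Server 7" was dropped without a replacement, so "on WildFly" should be added as in the other hunks of this commit. The testQueue sentence now says the queue "has to be created before deploying the endpoint" but gives no pointer to how; a reference to the server's messaging configuration documentation would close that gap.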
@@ -6053,7 +8685,6 @@
</para>
<important>
<para>Have a look at the application server domain for finding out the configured connection factory JNDI locations.</para>
- <para>Remote JNDI support is available starting from JBoss Application Server 7.1.</para>
</important>
<para>The endpoint implementation is a basic JAX-WS POJO using @WebService annotation to refer to the consumed contract:</para>
<informalexample>
@@ -6090,7 +8721,7 @@
archive and deploy it:
</para>
<informalexample>
- <programlisting>alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-spring-tests/target/test-libs/jaxws-cxf-jms-only-deployment.jar
+ <programlisting>alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-tests/target/test-libs/jaxws-cxf-jms-only-deployment.jar
0 Thu Jun 23 15:18:44 CEST 2011 META-INF/
129 Thu Jun 23 15:18:42 CEST 2011 META-INF/MANIFEST.MF
0 Thu Jun 23 15:18:42 CEST 2011 org/
@@ -6109,7 +8740,7 @@
<para>
A dependency on
<code>org.hornetq</code>
- module needs to be added in MANIFEST.MF when deploying to JBoss Application Server 7.
+ module needs to be added in MANIFEST.MF when deploying to WildFly.
</para>
<informalexample>
<programlisting>Manifest-Version: 1.0
@@ -6160,7 +8791,7 @@
</informalexample>
<important>
<para>
- Have a look at the JBoss Application Server 7 domain and messaging configuration for finding out the actual security requirements. At the time of writing, a user with
+ Have a look at the WildFly domain and messaging configuration for finding out the actual security requirements. At the time of writing, a user with
<code>guest</code>
role is required and that's internally checked using the
<code>other</code>
@@ -6355,7 +8986,7 @@
archive:
</para>
<informalexample>
- <programlisting>alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-spring-tests/target/test-libs/jaxws-cxf-jms-http-deployment.war
+ <programlisting>alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-tests/target/test-libs/jaxws-cxf-jms-http-deployment.war
0 Thu Jun 23 15:18:44 CEST 2011 META-INF/
129 Thu Jun 23 15:18:42 CEST 2011 META-INF/MANIFEST.MF
0 Thu Jun 23 15:18:44 CEST 2011 WEB-INF/
@@ -6395,7 +9026,7 @@
<para>
Here too the MANIFEST.MF needs to declare a dependency on
<emphasis role="italics">org.hornetq</emphasis>
- module when deploying to JBoss Application Server 7.
+ module when deploying to WildFly.
</para>
</important>
<para>Finally, the JAX-WS client can ineract with both JMS and HTTP endpoints as usual:</para>
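Review bot: The context line following the changed "module when deploying to WildFly." note reads "the JAX-WS client can ineract with both JMS and HTTP endpoints"; "ineract" should be "interact" and can be fixed together with this rename.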
@@ -6977,4 +9608,312 @@
</section>
</section>
</section>
+ <section id="sid-83919125">
+
+ <title>Published WSDL customization</title>
+ <section id="sid-83919125_PublishedWSDLcustomization-Endpointaddressrewrite">
+
+ <title>Endpoint address rewrite</title>
+ <para>
+ JBossWS supports the rewrite of the
+ <code><soap:address></code>
+ element of endpoints published in WSDL contracts. This feature is useful for controlling the server address that is advertised to clients for each endpoint. The rewrite mechanism is configured at server level through a set of elements in the webservices subsystem of the WildFly management model. Please refer to the container documentation for details on the options supported in the selected container version. Below is a list of the elements available in the latest WildFly sources:
+ </para>
+ <informaltable>
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>
+ <para>Name</para>
+ </entry>
+ <entry>
+ <para>Type</para>
+ </entry>
+ <entry>
+ <para>Description</para>
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <para>
+ modify-wsdl-address
+
+ </para>
+ </entry>
+ <entry>
+ <para>boolean</para>
+ </entry>
+ <entry>
+ <para>
+ This boolean enables and disables the address rewrite functionality.
+
+ When modify-wsdl-address is set to true and the content of <soap:address> is a valid URL, JBossWS will rewrite the URL using the values of wsdl-host and wsdl-port or wsdl-secure-port.
+
+ When modify-wsdl-address is set to false and the content of <soap:address> is a valid URL, JBossWS will not rewrite the URL. The <soap:address> URL will be used.
+
+ When the content of <soap:address> is not a valid URL, JBossWS will rewrite it no matter what the setting of modify-wsdl-address.
+
+ If modify-wsdl-address is set to true and wsdl-host is not defined or explicitly set to
+ <emphasis role="italics">'</emphasis>
+ <code>jbossws.undefined.host</code>
+ _' _ the content of <soap:address> URL is use. JBossWS uses the requester's host when rewriting the <soap:address>
+
+ When modify-wsdl-address is not defined JBossWS uses a default value of true.
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ wsdl-host
+
+ </para>
+ </entry>
+ <entry>
+ <para>string</para>
+ </entry>
+ <entry>
+ <para>
+ The hostname / IP address to be used for rewriting
+ <code><soap:address></code>
+ .
+
+ If
+ <code>wsdl-host</code>
+ is set to
+ <code>jbossws.undefined.host</code>
+ , JBossWS uses the requester's host when rewriting the
+ <code><soap:address></code>
+
+ When wsdl-host is not defined JBossWS uses a default value of '
+ <code>jbossws.undefined.host</code>
+ '.
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ wsdl-port
+
+ </para>
+ </entry>
+ <entry>
+ <para>int</para>
+ </entry>
+ <entry>
+ <para>
+ Set this property to explicitly define the HTTP port that will be used for rewriting the SOAP address.
+
+ Otherwise the HTTP port will be identified by querying the list of installed HTTP connectors.
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ wsdl-secure-port
+
+ </para>
+ </entry>
+ <entry>
+ <para>int</para>
+ </entry>
+ <entry>
+ <para>
+ Set this property to explicitly define the HTTPS port that will be used for rewriting the SOAP address.
+
+ Otherwise the HTTPS port will be identified by querying the list of installed HTTPS connectors.
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>wsdl-uri-scheme</para>
+ </entry>
+ <entry>
+ <para>
+ string
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ This property explicitly sets the URI scheme to use for rewriting
+ <code><soap:address></code>
+ . Valid values are
+ <code>http</code>
+ and
+ <code>https</code>
+ . This configuration overrides scheme computed by processing the endpoint (even if a transport guarantee
+
+ is specified). The provided values for
+ <code>wsdl-port</code>
+ and
+ <code>wsdl-secure-port</code>
+ (or their default values) are used depending on specified scheme.
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>wsdl-path-rewrite-rule</para>
+ </entry>
+ <entry>
+ <para>
+ string
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ This string defines a SED substitution command (e.g., 's/regexp/replacement/g') that JBossWS executes against the path component of each <soap:address> URL published from the server.
+
+ When wsdl-path-rewrite-rule is not defined, JBossWS retains the original path component of each <soap:address> URL.
+
+ When 'modify-wsdl-address' is set to "false" this element is ignored.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>
+ Additionally, users can override the server level configuration by requesting a specific rewrite behavior for a given endpoint deployment. That is achieved by setting one of the following properties within a
+ <emphasis role="italics">jboss-webservices.xml</emphasis>
+ descriptor:
+ </para>
+ <informaltable>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>
+ <para>Property</para>
+ </entry>
+ <entry>
+ <para>Corresponding server option</para>
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <para>wsdl.soapAddress.rewrite.modify-wsdl-address</para>
+ </entry>
+ <entry>
+ <para>modify-wsdl-address</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>wsdl.soapAddress.rewrite.wsdl-host</para>
+ </entry>
+ <entry>
+ <para>wsdl-host</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>wsdl.soapAddress.rewrite.wsdl-port</para>
+ </entry>
+ <entry>
+ <para>wsdl-port</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>wsdl.soapAddress.rewrite.wsdl-secure-port</para>
+ </entry>
+ <entry>
+ <para>wsdl-secure-port</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>wsdl.soapAddress.rewrite.wsdl-path-rewrite-rule</para>
+ </entry>
+ <entry>
+ <para>wsdl-path-rewrite-rule</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>wsdl.soapAddress.rewrite.wsdl-uri-scheme</para>
+ </entry>
+ <entry>
+ <para>wsdl-uri-scheme</para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>Here is an example of partial overriding of the default configuration for a specific deployment:</para>
+ <informalexample>
+ <programlisting><?xml version="1.1" encoding="UTF-8"?>
+<webservices version="1.2"
+ xmlns="http://www.jboss.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee">
+ <property>
+ <name>wsdl.soapAddress.rewrite.wsdl-uri-scheme</name>
+ <value>https</value>
+ </property>
+ <property>
+ <name>wsdl.soapAddress.rewrite.wsdl-host</name>
+ <value>foo</value>
+ </property>
+</webservices></programlisting>
+ </informalexample>
+ </section>
+ <section id="sid-83919125_PublishedWSDLcustomization-Systempropertyreferences">
+
+ <title>System property references</title>
+ <para>System property references wrapped within "@" characters are expanded when found in WSDL attribute and element values. This allows for instance including multiple WS-Policy declarations in the contract and selecting the policy to use depending on a server wide system property; here is an example:</para>
+ <informalexample>
+ <programlisting><wsdl:definitions ...>
+ ...
+ <wsdl:binding name="ServiceOneSoapBinding" type="tns:EndpointOne">
+ ...
+ <wsp:PolicyReference URI="#(a)org.jboss.wsf.test.JBWS3628TestCase.policy@"/>
+ <wsdl:operation name="echo">
+ ...
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:service name="ServiceOne">
+ <wsdl:port binding="tns:ServiceOneSoapBinding" name="EndpointOnePort">
+ <soap:address location="http://localhost:8080/jaxws-cxf-jbws3628/ServiceOne"/>
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..." xmlns:wsp="http://www.w3.org/ns/ws-policy" wsu:Id="WS-RM_Policy">
+ <wsrmp:RMAssertion xmlns:wsrmp="http://schemas.xmlsoap.org/ws/2005/02/rm/policy">
+ ...
+ </wsrmp:RMAssertion>
+ </wsp:Policy>
+
+ <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..." xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" wsu:Id="WS-Addressing_policy">
+ <wsam:Addressing>
+ <wsp:Policy/>
+ </wsam:Addressing>
+ </wsp:Policy>
+</wsdl:definitions></programlisting>
+ </informalexample>
+ <para>
+ If the
+ <emphasis role="strong">
+ <emphasis role="italics">org.jboss.wsf.test.JBWS3628TestCase.policy</emphasis>
+ </emphasis>
+ system property is defined and set to "
+ <emphasis role="strong">
+ <emphasis role="italics">WS-Addressing_policy</emphasis>
+ </emphasis>
+ ", WS-Addressing will be enabled for the endpoint defined by the contract above.
+ </para>
+ </section>
+ </section>
</chapter>
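Review bot: the "System property references" section documents only the case where the property is defined ("If the org.jboss.wsf.test.JBWS3628TestCase.policy system property is defined and set to WS-Addressing_policy"). It does not say what the published contract contains when the property is unset or names an Id that is not declared in the WSDL. Because the example uses the property to choose between WS-RM_Policy and WS-Addressing_policy, please add a sentence on that fallback, so a reader knows whether the wsp:PolicyReference is left pointing at an unexpanded token or the deployment is rejected. Separately, in the webservices descriptor example above it, xsi:schemaLocation carries only the namespace URI with no schema location paired to it, and the prolog declares version="1.1"; both look unintended in a sample users will copy.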
Modified: stack/cxf/trunk/modules/dist/src/main/doc/chapter-6-JBoss_Modules.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/chapter-6-JBoss_Modules.xml 2015-04-22 18:30:24 UTC (rev 19683)
+++ stack/cxf/trunk/modules/dist/src/main/doc/chapter-6-JBoss_Modules.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -3,20 +3,20 @@
<chapter id="sid-4784150">
<title>JBoss Modules</title>
- <para>The JBoss Web Services functionalities are provided by a given set of modules / libraries installed on the JBoss Application Server.</para>
+ <para>The JBoss Web Services functionalities are provided by a given set of modules / libraries installed on the server.</para>
<para>
- On JBoss Application Server 7, those are organized into JBoss Modules modules. In particular the
+ On WildFly, those are organized into JBoss Modules modules. In particular the
<emphasis role="italics">org.jboss.as.webservices.*</emphasis>
and
<emphasis role="italics">org.jboss.ws.*</emphasis>
- modules belong to the JBossWS - AS7 integration. Users should not need to change anything in them.
+ modules belong to the JBossWS - WildFly integration. Users should not need to change anything in them.
</para>
- <para>While users are of course allowed to provide their own modules for their custom needs, below is a brief collection of suggestions and hints around modules and webservices development on JBoss Application Server 7.</para>
+ <para>While users are of course allowed to provide their own modules for their custom needs, below is a brief collection of suggestions and hints around modules and webservices development on WildFly.</para>
<section id="sid-4784150_JBossModules-Settingmoduledependencies">
<title>Setting module dependencies</title>
<para>
- On JBoss Aplication Server 7 the user deployment classloader does not have any visibility over JBoss internals; so for instance you can't
+ On WildFly the user deployment classloader does not have any visibility over JBoss internals; so for instance you can't
<emphasis role="italics">directly</emphasis>
use JBossWS
<emphasis role="italics">implementation</emphasis>
@@ -47,7 +47,7 @@
exports the classes from the module to any other module that might be depending on the module implicitly created for your deployment.
</para>
<note>
- <para>When using annotations on your endpoints / handlers such as the Apache CXF ones (@InInterceptor, @GZIP, ...) remember to add the proper module dependency in your manifest. Otherwise your annotations are not picked up and added to the annotation index by JBoss Application Server 7, resulting in them being completely and silently ignored.</para>
+ <para>When using annotations on your endpoints / handlers such as the Apache CXF ones (@InInterceptor, @GZIP, ...) remember to add the proper module dependency in your manifest. Otherwise your annotations are not picked up and added to the annotation index by WildFly, resulting in them being completely and silently ignored.</para>
</note>
<section id="sid-4784150_JBossModules-UsingJAXB">
@@ -108,15 +108,6 @@
</para>
</important>
</section>
- <section id="sid-4784150_JBossModules-UsingSpring">
-
- <title>Using Spring</title>
- <para>
- The JBossWS-CXF modules have optional dependencies to the
- <emphasis role="italics">org.springframework.spring</emphasis>
- module. So either create that manually in the application server or use the JBossWS-CXF installation scripts for doing that.
- </para>
- </section>
<section id="sid-4784150_JBossModules-Annotationscanning">
<title>Annotation scanning</title>
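Review bot: removing the "Using Spring" section drops the only mention in this hunk of the org.springframework.spring module name, while the chapter 8 file added in this same revision still documents a spring profile that "causes Spring libraries to be installed on the target container". Suggest either keeping one sentence here naming the module the installation creates, or pointing from chapter 8 to where that is described, so the two chapters do not disagree about whether Spring on the container is a supported setup.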
@@ -136,47 +127,6 @@
<title>Using jboss-deployment-descriptor.xml</title>
<para>In some circumstances, the convenient approach of setting module dependencies in MANIFEST.MF might not work. An example is the need for importing/exporting specific resources from a given module dependency. Users should hence add a jboss-deployment-structure.xml descriptor to their deployment and set module dependencies in it.</para>
- <section id="sid-4784150_JBossModules-SpringbasedincontainerBuscreation">
-
- <title>Spring based in-container Bus creation</title>
- <para>
- A noteworthy scenario requiring explicit module dependencies declaration is whenever a Spring beans descriptor based Bus is created by users in a in-container client. Spring basically resolves any beans declared in the descriptor (e.g.
- <emphasis role="italics">cxf.xml</emphasis>
- ), as well as any transitively referenced internal CXF descriptor, using the thread context classloader. That is the classloader associated to the deployment, which is different from the classloader used by JBossWS internally. As a consequence, in this scenario a
- <emphasis role="italics">jboss-deployment-structure.xml</emphasis>
- as follows is required:
-
- </para>
- <informalexample>
- <programlisting><jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
- <deployment>
- <dependencies>
- <module name="org.jboss.ws.cxf.jbossws-cxf-client" services="import" />
- <module name="org.apache.cxf.impl">
- <imports>
- <include path="META-INF"/>
- <include path="META-INF/cxf"/>
- </imports>
- </module>
- <module name="org.springframework.spring">
- <imports>
- <include path="META-INF"/>
- </imports>
- </module>
- </dependencies>
- </deployment>
-</jboss-deployment-structure></programlisting>
- </informalexample>
- <para>
- The first dependency (
- <emphasis role="italics">org.jboss.ws.cxf.jbossws-cxf-client</emphasis>
- ) loads JBossWS customizations as well as Apache CXF APIs first. The second dependency (
- <emphasis role="italics">org.apache.cxf.impl</emphasis>
- ) loads the Apache CXF internals (in particular the CXF SpringBus class), required by Spring to load the Bus using the deployment classloader. Finally, the third dependency (
- <emphasis role="italics">org.springframework.spring</emphasis>
- ) is needed to allow resolution of Spring schemas when running offline.
- </para>
- </section>
</section>
</section>
</chapter>
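Review bot: the unchanged title at the top of this hunk reads "Using jboss-deployment-descriptor.xml" but the paragraph under it tells users to add a jboss-deployment-structure.xml descriptor; since the section is being edited anyway, the title should be corrected to match. Also, the removed informalexample is the only jboss-deployment-structure.xml listing visible in this section, so after this change the text tells users to "set module dependencies in it" without showing how. Consider keeping a short non-Spring example (for instance the org.apache.cxf.impl dependency with its imports/include path entries) in place of the removed one.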
Added: stack/cxf/trunk/modules/dist/src/main/doc/chapter-8-Build_and_testsuite_framework.xml
===================================================================
--- stack/cxf/trunk/modules/dist/src/main/doc/chapter-8-Build_and_testsuite_framework.xml (rev 0)
+++ stack/cxf/trunk/modules/dist/src/main/doc/chapter-8-Build_and_testsuite_framework.xml 2015-04-23 12:38:25 UTC (rev 19684)
@@ -0,0 +1,372 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
+<chapter id="sid-88703514">
+
+ <title>Build and testsuite framework</title>
+ <section id="sid-88703514_Buildandtestsuiteframework-Introduction">
+
+ <title>Introduction</title>
+ <para>
+ The JBossWS project build and testsuites have been completely revisited in version 5.0.0.Beta3. As a result, JBossWS uses the
+ <emphasis role="italics">Arquillian</emphasis>
+ framework to run its integration tests against WildFly containers.
+ </para>
+ <para>
+ There are three test modules in JBossWS' testsuite,
+ <emphasis role="italics">cxf-tests</emphasis>
+ ,
+ <emphasis role="italics">shared-tests</emphasis>
+ and
+ <emphasis role="italics">cxf-spring-tests</emphasis>
+ . Each test module requires at least one
+ <emphasis role="italics">WildFly</emphasis>
+ container to run; multiple containers are used for modules whose tests can't run at the same time on the same container. By default, containers are managed (started / stopped) by Arquillian.The JBossWS build system fetches a copy of the required container from the Maven repository, unpacks it, patches it installing the current webservices stack on it and finally hands it over to Arquillian for the testsuite runs. The test framework also allows letting Arquillian manage an already available container instance on the local filesystem. Finally, it's also possible to execute single tests against a locally running container (non-Arquillian managed) and run the tests concurrently.
+ </para>
+ <section id="sid-88703514_Buildandtestsuiteframework-Prerequisitesandrequirements">
+
+ <title>Prerequisites and requirements</title>
+ <itemizedlist>
+ <listitem>
+ <para>Maven version 3.2.2 or higher is required to build and run the testsuite.</para>
+ </listitem>
+ <listitem>
+ <para>A unique class name for each test across the testsuite's three child modules; classes may have the same package name across the child modules but the overall full-qualified name has to be unique to avoid breaking concurrent tests runs.</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ </section>
+ <section id="sid-88703514_Buildandtestsuiteframework-Architectureoverview">
+
+ <title>Architecture overview</title>
+ <para>When the build fetches the a container from the Maven repository, a patched copy of it is put within the target/test-server sub-directory of each testsuite module. For instance, you could have:</para>
+ <sidebar>
+ <para>
+ ./modules/testsuite/cxf-tests/target/test-server/jbossws-cxf-dist-5.0.0-SNAPSHOT/wildfly-8.1.0.Final
+
+ ./modules/testsuite/shared-tests/target/test-server/jbossws-cxf-dist-5.0.0-SNAPSHOT/wildfly-8.1.0.Final
+
+ ./modules/testsuite/cxf-spring-tests/target/test-server/jbossws-cxf-dist-5.0.0-SNAPSHOT/wildfly-8.1.0.Final
+ </para>
+ </sidebar>
+ <para>
+ Each container copy is also provided with specific standalone mode configuration files (
+ <emphasis role="italics">jbws-testsuite-SOME_IDENTIFIER.xml</emphasis>
+ ) in the
+ <code>standalone/configuration</code>
+ server directory. The actual contents of such descriptors depends on the tests that are to be run against such container configurations (the most common difference when compared to the vanilla standalone.xml is the setup op additional security domains, system properties, web connectors etc.) Each configuration also includes logging setup to ensure logs are written to unique files (
+ <emphasis role="italics">jbws-testsuite-SOME_IDENFIFIER.log</emphasis>
+ ) in
+ <code>standalone/log</code>
+ directory.
+ </para>
+ <section id="sid-88703514_Buildandtestsuiteframework-TargetContainerIdentification">
+
+ <title>Target Container Identification</title>
+ <para>
+ JBossWS supports the current WildFly release and several back versions for testing. See the
+ <ulink url="https://community.jboss.org/wiki/JBossWS-SupportedTargetContainers">supported target containers</ulink>
+ page for details.
+
+ Maven profiles are used to identify the target container to be used for testing. The naming convention is
+ <emphasis role="italics">wildflyXYZ</emphasis>
+ , for example
+ <emphasis role="italics">wildfly820</emphasis>
+ to mean WIldFly 8.2.0.Final.
+ </para>
+ <para>
+ To run tests against an existing local copy of a WildFly container, the user must specify the absolute path to the server implementation's home directory using the command line option,
+ <emphasis role="italics">-Dserver.home=/foo/bar</emphasis>
+ . The server is not expected to be running, as the build will create various standalone server configurations and start multiple instances on different port numbers. However, if a single test of few tests are executed only, the user can have those executed against live WildFly instances previously started on the same port numbers expected by the tests. Arquillian is configured to detect such scenario and use the available server.
+ </para>
+ </section>
+ <section id="sid-88703514_Buildandtestsuiteframework-PortMapping">
+
+ <title>Port Mapping</title>
+ <para>
+ To facilitate concurrent testing a port offset has been defined for each of the server configurations. The offsets are defined in the
+ <code><properties></code>
+ element of the
+ <code>modules/testsuite/pom.xml</code>
+ file.
+ </para>
+ </section>
+ </section>
+ <section id="sid-88703514_Buildandtestsuiteframework-CommandLineOptions">
+
+ <title>Command Line Options</title>
+ <para>As any other Maven-based project, JBossWS is built as follows:</para>
+ <informalexample>
+ <programlisting>mvn -P[profile] -D[options] [phase]</programlisting>
+ </informalexample>
+ <section id="sid-88703514_Buildandtestsuiteframework-Profile">
+
+ <title>Profile</title>
+ <para>JBossWS uses Maven profiles to declare the target container and other types of environment setup. Multiple profiles are provided as a comma separated list of profile names. Only a single target container profile is allowed at the same time though.</para>
+ <informaltable>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>
+ <para>Profile</para>
+ </entry>
+ <entry>
+ <para>
+ Description
+
+ </para>
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <para>
+ <code>wildflyXYZ</code>
+
+ </para>
+ </entry>
+ <entry>
+ <para>Designates the target container to use, where XYZ is WildFly's three digit version number</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ <code>spring</code>
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Enables Spring support; this causes Spring libraries to be installed on the target container and the cxf-spring-tests testsuite module to be also run
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ <code>fast</code>
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Declares the tests are to be run concurrently
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ <code>dist</code>
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Explicitly includes
+ <emphasis role="italics">dist</emphasis>
+ module in the build; by default this is automatically triggered (only) when a
+ <code>wildflyXYZ</code>
+ profile is set.
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ <code>testsuite</code>
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Explicitly includes the testsuite modules in the build; by default this is automatically triggered (only) when a
+ <code>wildflyXYZ</code>
+ profile is set.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </section>
+ <section id="sid-88703514_Buildandtestsuiteframework-Options">
+
+ <title>Options</title>
+ <para>Below is a list of the available build / test options:</para>
+ <informaltable>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>
+ <para>Option</para>
+ </entry>
+ <entry>
+ <para>
+ Description
+
+ </para>
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <para>
+ server.home
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Declares the absolute path to a given local server instance.
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>exclude-udp-tests</para>
+ </entry>
+ <entry>
+ <para>Force skipping the UDP tests. This option might be needed when running on a network that does not allow UDP broadcast.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ nodeploy
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Do not upgrade the WS stack on the target server container.
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ noprepare
+
+ </para>
+ </entry>
+ <entry>
+ <para>Skip integration tests preparation phase, which includes tuning of the server configurations, wsconsume/wsprovide invocations, etc.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ debug
+
+ </para>
+ </entry>
+ <entry>
+ <para>Turns on Surefire debugging of integration tests only. Debugging address is 5005.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>jboss.bind.address</para>
+ </entry>
+ <entry>
+ <para>Starts the containers bound to the specified network interface address.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>arquillian.deploymentExportPath</para>
+ </entry>
+ <entry>
+ <para>
+ Instructs Arquillian to write the actual test deployments to disk in the specified module sub-directory.
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ test
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Runs the testcases in the specified comma-separated list of JUnit classes
+
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>
+ maven.surefire.debug
+
+ </para>
+ </entry>
+ <entry>
+ <para>
+ Turns on Surefire debugging in any module including tests.
+
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </section>
+ <section id="sid-88703514_Buildandtestsuiteframework-Examples">
+
+ <title>Examples</title>
+ <para>Build the project, deploy the WS stack to a local copy of WildFly 8.2.0.Final and run the testsuite:</para>
+ <informalexample>
+ <programlisting>mvn -Pwildfly820 -Dserver.home=/foo/wildfly-8.2.0.Final integration-test</programlisting>
+ </informalexample>
+ <para>
+ Use
+ <emphasis role="italics">WildFly 8.1.0.Final</emphasis>
+ as the target container (letting the build fetch it), patch it with current WS stack (including Spring libraries) and run only test
+ <emphasis role="italics">BasicDocTestCase</emphasis>
+ that is located in the
+ <emphasis role="italics">cxf-spring-test</emphasis>
+ module:
+ </para>
+ <informalexample>
+ <programlisting>mvn -Pwildfly810,spring integration-test -Dtest="org/jboss/test/ws/jaxws/cxf/wsrm/BasicDocTestCase"</programlisting>
+ </informalexample>
+ <para>Build, deploy, then run the tests concurrently. Run till Maven post-integration-test phase to trigger test servers shutdown and save memory at the end of each testsuite module:</para>
+ <informalexample>
+ <programlisting>mvn -Pfast,wildfly810 post-integration-test</programlisting>
+ </informalexample>
+ <para>Completely clean the project:</para>
+ <informalexample>
+ <programlisting>mvn -Pdist,testsuite,spring clean</programlisting>
+ </informalexample>
+ <para>Build the WS stack and install it on a specified server instance without running the integration testsuite:</para>
+ <informalexample>
+ <programlisting>mvn -Pwildfly900 -Dserver.home=/foo/wildfly-9.0.0.Alpha2-SNAPSHOT package</programlisting>
+ </informalexample>
+ <para>
+ When a server.home option is not provided, the build creates a zip archive with a vanilla WildFly server patched with the current WS stack: the zip file path is modules/dist/target/jbossws-cxf-dist-${
+ <emphasis role="strong">project.version}</emphasis>
+ -wildflyXYZ.zip
+ </para>
+ <informalexample>
+ <programlisting>mvn -Pwildfly810 package</programlisting>
+ </informalexample>
+ </section>
+ </section>
+ <section id="sid-88703514_Buildandtestsuiteframework-Containerremotedebugging">
+
+ <title>Container remote debugging</title>
+ <para>While debugging the a testcase is simply a matter of providing the -Ddebug option, remote debugging the container code that runs the WS stack requires few additional setup steps. The suggested approach is to identify a single test to run; before actually running the test, manually start a target container in debug mode and specifying the proper port offset and server configuration (have a look at the arquillian.xml decriptors in the testsuite). Then run the tests with -Dserver.home=... option pointing to the home dir for the server currently running.</para>
+ </section>
+ </chapter>
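Review bot: the debug row of the Options table ("Debugging address is 5005") and the "Container remote debugging" section tell users to open debugger ports without saying which interface they listen on, and the same table offers jboss.bind.address to bind containers to an arbitrary interface. Suggest adding a sentence that the Surefire debug port and any container started in debug mode should stay on loopback or a trusted network, since a reachable debugger port gives control of the JVM. The new chapter also needs a proofreading pass: "Arquillian.The JBossWS build system" (missing space), "fetches the a container", "setup op additional security domains", "SOME_IDENFIFIER" against "SOME_IDENTIFIER" a few lines earlier, "WIldFly 8.2.0.Final", "a single test of few tests", "cxf-spring-test" against the module name cxf-spring-tests, "debugging the a testcase" and "decriptors". In the last Examples paragraph the emphasis element opens after "${" and closes after "project.version}", which splits the placeholder in the rendered path.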
Property changes on: stack/cxf/trunk/modules/dist/src/main/doc/chapter-8-Build_and_testsuite_framework.xml
___________________________________________________________________
Added: svn:mime-type
+ text/xml
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
9 years, 8 months
JBossWS SVN: r19683 - in stack/cxf/tags/jbossws-cxf-4.3.5.Final: modules/addons and 14 other directories.
by jbossws-commits@lists.jboss.org
Author: asoldano
Date: 2015-04-22 14:30:24 -0400 (Wed, 22 Apr 2015)
New Revision: 19683
Modified:
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/http/httpserver/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/http/undertow/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/udp/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/client/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/dist/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/endorsed/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/jaspi/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/resources/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/server/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/cxf-spring-tests/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/cxf-tests/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/shared-tests/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/test-utils/pom.xml
stack/cxf/tags/jbossws-cxf-4.3.5.Final/pom.xml
Log:
Fixing poms
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/http/httpserver/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/http/httpserver/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/http/httpserver/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-addons</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/http/undertow/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/http/undertow/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/http/undertow/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-addons</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/udp/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/udp/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/addons/transports/udp/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-addons</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/client/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/client/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/client/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/dist/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/dist/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/dist/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/endorsed/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/endorsed/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/endorsed/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -9,7 +9,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/jaspi/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/jaspi/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/jaspi/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -9,7 +9,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/resources/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/resources/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/resources/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -9,7 +9,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/server/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/server/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/server/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -9,7 +9,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/cxf-spring-tests/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/cxf-spring-tests/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/cxf-spring-tests/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-testsuite</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/cxf-tests/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/cxf-tests/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/cxf-tests/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-testsuite</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/shared-tests/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/shared-tests/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/shared-tests/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-testsuite</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/test-utils/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/test-utils/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/modules/testsuite/test-utils/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-testsuite</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
Modified: stack/cxf/tags/jbossws-cxf-4.3.5.Final/pom.xml
===================================================================
--- stack/cxf/tags/jbossws-cxf-4.3.5.Final/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
+++ stack/cxf/tags/jbossws-cxf-4.3.5.Final/pom.xml 2015-04-22 18:30:24 UTC (rev 19683)
@@ -32,7 +32,7 @@
<description>JBossWS CXF stack</description>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.5.Final</version>
<!-- Parent -->
<parent>
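Review bot: the version line moves from 4.3.5-SNAPSHOT to 4.3.5.Final inside stack/cxf/tags/jbossws-cxf-4.3.5.Final, so the tag was created carrying SNAPSHOT versions and is being corrected in place at r19683. A tag that changes after creation yields different artifacts depending on which revision is checked out. Suggest setting the release version on the branch before copying to tags, or at least stating in the log message that release builds must use r19683 or later, so the tag can be treated as immutable from here on.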
@@ -43,9 +43,9 @@
<!-- Source Control Management -->
<scm>
- <connection>scm:svn:http://anonsvn.jboss.org/repos/jbossws/stack/cxf/branches/jbossws...</connection>
- <developerConnection>scm:svn:https://svn.jboss.org/repos/jbossws/stack/cxf/branches/jbossws-cx...</developerConnection>
- <url>http://fisheye.jboss.com/viewrep/JBossWS/stack/cxf/branches/jbossws-cxf-4...</url>
+ <connection>scm:svn:http://anonsvn.jboss.org/repos/jbossws/stack/cxf/tags/jbossws-cxf...</connection>
+ <developerConnection>scm:svn:https://svn.jboss.org/repos/jbossws/stack/cxf/tags/jbossws-cxf-4....</developerConnection>
+ <url>http://fisheye.jboss.com/viewrep/JBossWS/stack/cxf/tags/jbossws-cxf-4.3.5...</url>
</scm>
<!-- Modules -->
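Review bot: the new connection value still uses scm:svn:http:// for anonsvn.jboss.org while developerConnection on the next line uses https://, and the url entry points at fisheye over http as well. If the anonymous endpoint is also served over TLS, prefer https in connection and url so that checkouts of the release tag driven from this pom are not fetched in cleartext.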
9 years, 9 months
JBossWS SVN: r19682 - in stack/cxf/branches/jbossws-cxf-4.3.x: modules/addons and 14 other directories.
by jbossws-commits@lists.jboss.org
Author: asoldano
Date: 2015-04-22 12:59:45 -0400 (Wed, 22 Apr 2015)
New Revision: 19682
Modified:
stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/http/httpserver/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/http/undertow/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/udp/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/client/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/dist/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/endorsed/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/jaspi/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/resources/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/server/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/cxf-spring-tests/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/cxf-tests/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/shared-tests/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/test-utils/pom.xml
stack/cxf/branches/jbossws-cxf-4.3.x/pom.xml
Log:
Preparing for next dev cycle
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
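Review bot: the parent `<version>` is hard-coded here and in the other module poms of this commit, so the bump to `4.3.6-SNAPSHOT` depends on every child being edited in step. A module left at `4.3.5-SNAPSHOT` would no longer match the pom at its `<relativePath>`, and Maven would then try to resolve the old snapshot parent from a repository instead of the working copy. Before committing a bump like this, search the branch for the old version string to confirm that no pom outside the 16 listed under Modified still references it.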
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/http/httpserver/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/http/httpserver/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/http/httpserver/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-addons</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/http/undertow/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/http/undertow/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/http/undertow/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-addons</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/udp/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/udp/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/addons/transports/udp/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-addons</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/client/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/client/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/client/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/dist/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/dist/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/dist/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -8,7 +8,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/endorsed/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/endorsed/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/endorsed/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -9,7 +9,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/jaspi/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/jaspi/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/jaspi/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -9,7 +9,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/resources/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/resources/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/resources/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -9,7 +9,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/server/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/server/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/server/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -9,7 +9,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/cxf-spring-tests/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/cxf-spring-tests/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/cxf-spring-tests/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-testsuite</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/cxf-tests/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/cxf-tests/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/cxf-tests/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-testsuite</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/shared-tests/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/shared-tests/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/shared-tests/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-testsuite</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/test-utils/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/test-utils/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/modules/testsuite/test-utils/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -10,7 +10,7 @@
<parent>
<groupId>org.jboss.ws.cxf</groupId>
<artifactId>jbossws-cxf-testsuite</artifactId>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
Modified: stack/cxf/branches/jbossws-cxf-4.3.x/pom.xml
===================================================================
--- stack/cxf/branches/jbossws-cxf-4.3.x/pom.xml 2015-04-22 16:30:49 UTC (rev 19681)
+++ stack/cxf/branches/jbossws-cxf-4.3.x/pom.xml 2015-04-22 16:59:45 UTC (rev 19682)
@@ -32,7 +32,7 @@
<description>JBossWS CXF stack</description>
- <version>4.3.5-SNAPSHOT</version>
+ <version>4.3.6-SNAPSHOT</version>
<!-- Parent -->
<parent>
9 years, 9 months
JBossWS SVN: r19681 - stack/cxf/tags.
by jbossws-commits@lists.jboss.org
Author: asoldano
Date: 2015-04-22 12:30:49 -0400 (Wed, 22 Apr 2015)
New Revision: 19681
Added:
stack/cxf/tags/jbossws-cxf-4.3.5.Final/
Log:
Tagging jbossws-cxf-4.3.5.Final
9 years, 9 months
JBossWS SVN: r19680 - stack/cxf/branches/jbossws-cxf-4.3.x.
by jbossws-commits@lists.jboss.org
Author: asoldano
Date: 2015-04-20 12:32:07 -0400 (Mon, 20 Apr 2015)
New Revision: 19680
Modified:
stack/cxf/branches/jbossws-cxf-4.3.x/
Log:
Blocked revisions 19483-19484,19488-19489,19491-19492,19497,19499,19502-19504,19509-19512,19526-19532,19535-19538,19545 via svnmerge
.......
r19483 | asoldano | 2015-02-16 22:49:48 +0100 (Mon, 16 Feb 2015) | 2 lines
Use latest components; removing maven enforce plugin explicit usage as it's now inherited from parent
.......
r19484 | asoldano | 2015-02-17 10:04:48 +0100 (Tue, 17 Feb 2015) | 2 lines
[JBWS-3668] Moving out of snapshots (wildfly-arquillian-container-managed)
.......
r19488 | asoldano | 2015-02-17 10:21:56 +0100 (Tue, 17 Feb 2015) | 2 lines
[JBWS-3668] Move to released additional maven-resources-plugin filters
.......
r19489 | asoldano | 2015-02-17 11:57:16 +0100 (Tue, 17 Feb 2015) | 2 lines
Preparing for tagging 5.0.0.Beta3
.......
r19491 | asoldano | 2015-02-17 12:28:38 +0100 (Tue, 17 Feb 2015) | 2 lines
Preparing for next dev cycle
.......
r19492 | asoldano | 2015-02-20 20:48:01 +0100 (Fri, 20 Feb 2015) | 2 lines
Move to latest arquillian
.......
r19497 | asoldano | 2015-02-23 22:23:55 +0100 (Mon, 23 Feb 2015) | 2 lines
[JBWS-3871] Remove dependency on org.jboss:jboss-common-core
.......
r19499 | asoldano | 2015-02-24 08:49:37 +0100 (Tue, 24 Feb 2015) | 2 lines
Removing methods not used anymore
.......
r19502 | asoldano | 2015-02-25 12:02:11 +0100 (Wed, 25 Feb 2015) | 1 line
.......
r19503 | asoldano | 2015-02-25 15:31:34 +0100 (Wed, 25 Feb 2015) | 2 lines
[JBWS-3648] Adding (excluded) testcase
.......
r19504 | asoldano | 2015-02-28 00:48:04 +0100 (Sat, 28 Feb 2015) | 2 lines
[JBWS-3846] Additional change to testcase (see commit rev. 19503)
.......
r19509 | asoldano | 2015-03-03 12:21:37 +0100 (Tue, 03 Mar 2015) | 2 lines
[JBWS-3846] Get endpoint configuration from container when available; update CXFInstanceProvider to build component instances for configuration endpoints too; cleanup ServerBeancustomizer
.......
r19510 | asoldano | 2015-03-03 17:54:22 +0100 (Tue, 03 Mar 2015) | 2 lines
[JBWS-3846] Additional tests...
.......
r19511 | asoldano | 2015-03-04 11:59:32 +0100 (Wed, 04 Mar 2015) | 2 lines
[JBWS-3845] Adding testcase
.......
r19512 | asoldano | 2015-03-04 12:01:41 +0100 (Wed, 04 Mar 2015) | 2 lines
[JBWS-3846] Excluding tests on WFLY800
.......
r19526 | asoldano | 2015-03-05 12:50:15 +0100 (Thu, 05 Mar 2015) | 2 lines
[JBWS-3874] Adding jms tests to the cxf-tests module and creating a new server configuration for them
.......
r19527 | asoldano | 2015-03-05 14:31:10 +0100 (Thu, 05 Mar 2015) | 2 lines
[JBWS-3874] Moving jms_http tests too
.......
r19528 | asoldano | 2015-03-05 14:32:26 +0100 (Thu, 05 Mar 2015) | 2 lines
[JBWS-3874] Removing tests from cxf-spring-tests module
.......
r19529 | asoldano | 2015-03-05 16:17:02 +0100 (Thu, 05 Mar 2015) | 2 lines
[JBWS-3874] Do not overwrite application-*.properties
.......
r19530 | asoldano | 2015-03-06 11:27:08 +0100 (Fri, 06 Mar 2015) | 2 lines
removing unused property
.......
r19531 | asoldano | 2015-03-06 15:01:24 +0100 (Fri, 06 Mar 2015) | 2 lines
Make all 'dist' module dependencies have provided scope, so that they do not leak into other modules depending on it. Move 'dist' module dependency from 'test-utils' to 'testsuite' module to allow for simple 'mvn clean install' command to run while keeping proper modules ordering when using -T option.
.......
r19532 | asoldano | 2015-03-06 15:18:52 +0100 (Fri, 06 Mar 2015) | 2 lines
Removing legacy build.xml (not used anymore)
.......
r19535 | asoldano | 2015-03-06 21:18:55 +0100 (Fri, 06 Mar 2015) | 2 lines
[JBWS-3876] Fixing build with JDK 1.8
.......
r19536 | jim.ma | 2015-03-09 09:50:21 +0100 (Mon, 09 Mar 2015) | 1 line
Add more tests for [WFLY-2129][WFLY-3988][WFLY-4289]
.......
r19537 | asoldano | 2015-03-09 15:16:20 +0100 (Mon, 09 Mar 2015) | 2 lines
[JBWS-3668] fix arquillian.xml in shared and spring testsuites to allow -Djboss.bind.address usage
.......
r19538 | asoldano | 2015-03-09 17:08:15 +0100 (Mon, 09 Mar 2015) | 2 lines
Prevent usage of -Djboss.bind.address with -Pfast (wildfly-maven-plugin + arquillian can't handle that)
.......
r19545 | asoldano | 2015-03-09 22:53:55 +0100 (Mon, 09 Mar 2015) | 2 lines
Extending fastinfoset tests to use CXF Features
.......
Property changes on: stack/cxf/branches/jbossws-cxf-4.3.x
___________________________________________________________________
Modified: svnmerge-blocked
- /stack/cxf/trunk:18599-18602,18604-18606,18608,18613-18615,18620,18622-18624,18653-18655,18659-18660,18662,18664,18669-18670,18684,18688,18694,18696-18697,18699-18700,18702,18705,18711,18714,18716,18722-18725,18731,18733-18734,18738-18741,18743-18744,18747-18749,18753-18754,18760-18761,18763-18769,18771-18776,18780,18788-18795,18797,18799-18804,18809-18810,18815,18817-18821,18825-18831,18836,18838,18841,18844,18846,18849-18851,18853-18855,18858,18865,18867-18869,18904,18913,18917,18924-18925,18934-18935,18938,18940,18942-18946,18948-18950,18955,18959-18964,18966-18967,18969-18971,18973-18975,18977-18982,18985,18992,19020,19027,19029,19031,19062,19086,19097,19100-19102,19105-19106,19115,19125-19126,19158,19179-19180,19218,19220-19221,19441-19443,19446,19448,19451-19453,19457,19459-19463
+ /stack/cxf/trunk:18599-18602,18604-18606,18608,18613-18615,18620,18622-18624,18653-18655,18659-18660,18662,18664,18669-18670,18684,18688,18694,18696-18697,18699-18700,18702,18705,18711,18714,18716,18722-18725,18731,18733-18734,18738-18741,18743-18744,18747-18749,18753-18754,18760-18761,18763-18769,18771-18776,18780,18788-18795,18797,18799-18804,18809-18810,18815,18817-18821,18825-18831,18836,18838,18841,18844,18846,18849-18851,18853-18855,18858,18865,18867-18869,18904,18913,18917,18924-18925,18934-18935,18938,18940,18942-18946,18948-18950,18955,18959-18964,18966-18967,18969-18971,18973-18975,18977-18982,18985,18992,19020,19027,19029,19031,19062,19086,19097,19100-19102,19105-19106,19115,19125-19126,19158,19179-19180,19218,19220-19221,19441-19443,19446,19448,19451-19453,19457,19459-19463,19483-19484,19488-19489,19491-19492,19497,19499,19502-19504,19509-19512,19526-19532,19535-19538,19545
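Review bot: the `+` value appends r19502 to `svnmerge-blocked`, but the log entry for r19502 above is empty (`| 1 line` with no message), so the record does not say what is being withheld from 4.3.x. Blocked revisions are no longer offered by svnmerge, and the appended set also covers r19535 (`[JBWS-3876] Fixing build with JDK 1.8`), so state in the commit message why these are not applicable to the branch, or backport the ones that are.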
9 years, 9 months