Author: rsearls
Date: 2014-03-11 12:31:56 -0400 (Tue, 11 Mar 2014)
New Revision: 18496
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustBearerTestCase.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustTestUtils.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService.wsdl
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl
Log:
[JBWS-3738] unclean code in attempting to resolve bearer test issues.
Modified: stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml 2014-03-11
16:07:15 UTC (rev 18495)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml 2014-03-11
16:31:56 UTC (rev 18496)
@@ -466,6 +466,10 @@
<include name="clientKeystore.properties" />
<include name="clientstore.jks" />
</metainf>
+ <!-- rls test only -->
+ <metainf
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl">
+ <include name="bearer-ws-trust-1.4-service.wsdl" />
+ </metainf>
</jar>
<!-- jaxws-samples-wsse-policy-trust-actas -->
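Review bot: The comment `<!-- rls test only -->` on the new `<metainf>` does not say why the STS WSDL is packaged into the client jar, and the next hunk likewise leaves a commented-out `<zipfileset>` for `xclientstore.jks` between `rls start test` / `rls end test` markers. `testAllInOneBearer` in this commit loads `META-INF/bearer-ws-trust-1.4-service.wsdl` through the context class loader, so the comment could read `<!-- STS WSDL packaged so WSTrustBearerTestCase can load it from META-INF -->`. The dead `xclientstore.jks` block is better deleted than kept as a comment.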
@@ -575,18 +579,17 @@
<webinf
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF">
<include name="wsdl/Bearer*"/>
</webinf>
- <!-- rls test
<zipfileset
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF"
prefix="WEB-INF/classes">
<include name="servicestore.jks" />
<include name="serviceKeystore.properties" />
</zipfileset>
- -->
- <!-- rls start test -->
+
+ <!-- rls start test
<zipfileset
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF"
prefix="WEB-INF/classes">
<include name="xclientstore.jks" />
<include name="xclientKeystore.properties" />
</zipfileset>
- <!-- rls end test -->
+ - rls end test -->
<manifest>
<attribute name="Dependencies"
value="org.jboss.ws.cxf.jbossws-cxf-client"/>
</manifest>
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustBearerTestCase.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustBearerTestCase.java 2014-03-11
16:07:15 UTC (rev 18495)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustBearerTestCase.java 2014-03-11
16:31:56 UTC (rev 18496)
@@ -21,25 +21,50 @@
*/
package org.jboss.test.ws.jaxws.samples.wsse.policy.trust;
+import java.io.InputStream;
+
import junit.framework.Test;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.transport.ConduitInitiator;
+import org.apache.cxf.transport.ConduitInitiatorManager;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transport.http.URLConnectionHTTPConduit;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer.BearerIface;
import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.ClientCallbackHandler;
+import org.jboss.wsf.stack.cxf.client.configuration.BeanCustomizer;
+import org.jboss.wsf.stack.cxf.client.configuration.JBossWSConfigurer;
+import org.jboss.wsf.stack.cxf.client.configuration.JBossWSSpringBusFactory;
+import org.jboss.wsf.test.JBossWSCXFTestSetup;
import org.jboss.wsf.test.JBossWSTest;
import org.w3c.dom.Element;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
+import java.io.FileInputStream;
import java.net.URL;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.service.model.ServiceInfo;
+
/**
* A demo of using SAML Bearer key type
*
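Review bot: Several of the added imports are not referenced by any code visible in this commit's hunks for the class: `SpringBusFactory`, `JBossWSSpringBusFactory`, `ServiceInfo`, `FileInputStream` and `List`, while `HashMap` is used only inside a commented-out block in `suite()`. `java.io.InputStream` is also placed ahead of the existing import groups while `java.io.FileInputStream` sits further down. Dropping the unused ones and grouping the `java.*` imports together keeps the test's real dependencies readable. The class body is only partly visible here, so confirm with the compiler's unused-import warning before removing anything.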
@@ -48,6 +73,7 @@
*/
public class WSTrustBearerTestCase extends JBossWSTest
{
+
private final String serviceURL = "http://" + getServerHost()
+ ":8080/jaxws-samples-wsse-policy-trust-bearer/BearerService";
private final String stsURL = "http://" + getServerHost()
@@ -55,89 +81,195 @@
public static Test suite()
{
+ /** ***/
+ // this must be set before testSetup is returned
+ System.setProperty("javax.net.ssl.trustStore",
"/home/rsearls/j1/jbossws/trunk/modules/testsuite/cxf-tests/target/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF/stsstore.jks");
+ System.setProperty("javax.net.ssl.trustStorePassword",
"stsspass");
+ System.setProperty("javax.net.ssl.trustStoreType", "jks");
+ System.setProperty("org.jboss.security.ignoreHttpsHost",
"true");
+
+
//deploy client, STS and service; start a security domain to be used by the STS for
authenticating client
- return WSTrustTestUtils.getTestSetup(WSTrustBearerTestCase.class,
+ JBossWSCXFTestSetup testSetup =
WSTrustTestUtils.getTestSetup(WSTrustBearerTestCase.class,
"jaxws-samples-wsse-policy-trust-client.jar
jaxws-samples-wsse-policy-trust-sts-bearer.war
jaxws-samples-wsse-policy-trust-bearer.war");
+
+
+ /**
+ // the server looks for the file /home/rsearls/.keystore no matter what
+ // path given for keystore-path. Fails to deploy war; test never runs
+ Map<String, String> sslOptions = new HashMap<String, String>();
+ sslOptions.put("server-identity.ssl.keystore-path",
"servicestore.jks");
+ sslOptions.put("server-identity.ssl.keystore-password",
"sspass");
+ sslOptions.put("authentication.truststore.keystore-path",
"stsstore.jks");
+ sslOptions.put("authentication.truststore.keystore-password",
"stsspass");
+ testSetup.setHttpsConnectorRequirement(sslOptions);
+ **/
+ return testSetup;
}
- /**
- * @throws Exception
- */
- public void testBearer() throws Exception
+ public void testAllInOneBearer() throws Exception
{
+
Bus bus = BusFactory.newInstance().createBus();
try
{
+
BusFactory.setThreadDefaultBus(bus);
+ //------------------------------
final QName serviceName = new
QName("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypo...;,
"BearerService");
final URL wsdlURL = new URL(serviceURL + "?wsdl");
Service service = Service.create(wsdlURL, serviceName);
BearerIface proxy = (BearerIface) service.getPort(BearerIface.class);
- WSTrustTestUtils.setupWsseAndSTSClientBearer((BindingProvider) proxy, bus);
+ Map<String, Object> ctx = ((BindingProvider)proxy).getRequestContext();
- assertEquals("Bearer WS-Trust Hello World!", proxy.sayHello());
- /*
- try {
- proxy.sayHello();
- } catch (Exception e) { // rls added
- e.printStackTrace(); // rls added
- } // rls added
- */
+ //jaxws-samples-wsse-policy-trust-sts-bearer
+ // 8443
+ STSClient stsClient = new STSClient(bus);
+ /**/
+
//stsClient.setWsdlLocation("https://localhost:8443/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService/UT?wsdl");
+
//-stsClient.setWsdlLocation("http://localhost:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService/UT?wsdl");
+
+ //WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl
+ URL stsWsdlURL =
+
Thread.currentThread().getContextClassLoader().getResource("META-INF/bearer-ws-trust-1.4-service.wsdl");
+ System.out.println("## stsWsdlURL: " + stsWsdlURL.toString());
+
//.getResourceAsStream("WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl");
+ stsClient.setWsdlLocation(stsWsdlURL.toString());
+
+
//stsClient.setWsdlLocation("http://localhost:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService?wsdl");
+
+
stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust...;
+
stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trus...;
+
+
//stsClient.setServiceName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/SecurityTokenService");
+ //
stsClient.setEndpointName("http://docs.oasis-open.org/ws-sx/ws-trust...;
+ /**/
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "alice");
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+
Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+
+ ctx.put(SecurityConstants.STS_CLIENT, stsClient);
+
+
+ proxy.sayHello();
+
+ } catch(Exception e){
+ e.printStackTrace();
+ assertTrue(false);
}
- finally
- {
- bus.shutdown(true);
- }
}
- /**
- * TMEP: Just for isolating testing of STS' generation of Bearer security token
- * @throws Exception
- */
- public void TMP_DISABLE_testSTSBearer() throws Exception
+ public void XX_testBearer() throws Exception
{
- final QName stsServiceName = new
QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
"SecurityTokenService");
- final QName stsPortName = new
QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
"UT_Port");
-
-
Bus bus = BusFactory.newInstance().createBus();
try
{
+ /** **/
+ // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ //-ServiceInfo servInfo = new ServiceInfo();
+
//-servInfo.setTargetNamespace("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy");
+ //-servInfo.setName(new
QName("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypo...;,
"BearerService"));
+
+ ConduitInitiatorManager mgr = bus.getExtension(ConduitInitiatorManager.class);
+ ConduitInitiator ci = null;
+ ci =
mgr.getConduitInitiator("http://cxf.apache.org/transports/http");
+
+ URL myWsdlURL = new URL(serviceURL + "?wsdl");
+ EndpointInfo endpointInfo = new EndpointInfo();
+ endpointInfo.setName(new QName("http://cxf.apache.org",
"TransportURIResolver"));
+ endpointInfo.setAddress(myWsdlURL.toURI().toString());
+ HTTPConduit httpConduit = new URLConnectionHTTPConduit(bus, endpointInfo,
+ endpointInfo.getTarget());
+
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ tlsParams.setSecureSocketProtocol("TLSv1"); // SSL .. try this
+ setKeyManagers(tlsParams, "ckpass",
"META-INF/clientstore.jks");
+ tlsParams.setDisableCNCheck(true);
+
+ /** fix this
+ * FiltersType filter = new FiltersType();
+ filter.getInclude().add(".*_EXPORT_.*");
+ filter.getInclude().add(".*_EXPORT1024_.*");
+ filter.getInclude().add(".*_WITH_DES_.*");
+ filter.getInclude().add(".*_WITH_NULL_.*");
+ filter.getExclude().add(".*_DH_anon_.*");
+ tlsParams.setCipherSuitesFilter(filter);
+
+ */
+ httpConduit.setTlsClientParameters(tlsParams);
+
+ JBossWSConfigurer configurer =
(JBossWSConfigurer)bus.getExtension(Configurer.class);
+ BeanCustomizer customizer = configurer.getCustomizer();
+ customizer.customize(httpConduit);
+
+ // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+
BusFactory.setThreadDefaultBus(bus);
- STSClient stsClient = new STSClient(bus);
- stsClient.setWsdlLocation(stsURL + "?wsdl");
- stsClient.setServiceQName(stsServiceName);
- stsClient.setEndpointQName(stsPortName);
+ //------------------------------
+ final QName serviceName = new
QName("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypo...;,
"BearerService");
+ final URL wsdlURL = new URL(serviceURL + "?wsdl");
+ Service service = Service.create(wsdlURL, serviceName);
+ BearerIface proxy = (BearerIface) service.getPort(BearerIface.class);
-
stsClient.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-sam...;
-
stsClient.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/2005...;
+ WSTrustTestUtils.setupWsseAndSTSClientBearer((BindingProvider) proxy, bus);
-
stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressi...;
+ assertEquals("Bearer WS-Trust Hello World!", proxy.sayHello());
- Map<String, Object> props = stsClient.getProperties();
- props.put(SecurityConstants.USERNAME, "alice");
- props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- props.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
- props.put(SecurityConstants.SIGNATURE_PROPERTIES,
-
Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
- //props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO,
"true");
+ //- proxy.sayHello();
- try {
- //- rls test -- NOTE: using https and NOT http here.
- SecurityToken st = stsClient.requestSecurityToken(
-
"https://localhost:8080/jaxws-samples-wsse-policy-trust-bearer/myBearerService");
- } catch (Exception e){
- System.out.println("##Error: " + e);
- e.printStackTrace();
- }
- }
+ } catch (Exception e) { // rls added
+ e.printStackTrace(); // rls added
+ assertTrue(false); // rls added
+ } // rls added
+
finally
{
bus.shutdown(true);
}
}
+
+
+ //
+ private TLSClientParameters setKeyManagers(TLSClientParameters tlsParams,
+ String keyPassword, String keyStoreLoc)
+ throws KeyStoreException, Exception {
+ keyStoreLoc = "META-INF/clientstore.jks";
+ InputStream inStream = Thread.currentThread().getContextClassLoader()
+ .getResourceAsStream(keyStoreLoc);
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(inStream, "cspass".toCharArray());
+ inStream.close();
+
+
+ String alg = KeyManagerFactory.getDefaultAlgorithm();
+ char[] keyPass = keyPassword != null
+ ? keyPassword.toCharArray()
+ : null;
+ KeyManagerFactory keyMF = KeyManagerFactory.getInstance(alg);
+ keyMF.init(keyStore, keyPass);
+ KeyManager[] myKeyManagers = keyMF.getKeyManagers();
+ tlsParams.setKeyManagers(myKeyManagers);
+
+
+ inStream = Thread.currentThread().getContextClassLoader()
+ .getResourceAsStream(keyStoreLoc);
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ trustStore.load(inStream, "cspass".toCharArray());
+ inStream.close();
+ TrustManagerFactory trustMF = TrustManagerFactory.getInstance(alg);
+ trustMF.init(trustStore);
+ TrustManager[] myTrustStoreKeyManagers = trustMF.getTrustManagers();
+ tlsParams.setTrustManagers(myTrustStoreKeyManagers);
+ return tlsParams;
+ }
+
}
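Review bot: `suite()` sets `javax.net.ssl.trustStore` to an absolute path under `/home/rsearls/...` and sets `org.jboss.security.ignoreHttpsHost` to `true` as JVM-wide system properties that are never restored, so the test can only pass on one developer's machine and any later test in the same JVM would inherit what, by its name, is a relaxed HTTPS host check. `XX_testBearer` likewise calls `tlsParams.setDisableCNCheck(true)`, which turns off host-name checking on the conduit. The trust-store location should be derived from the test-resources directory the build already uses (`${tests.output.dir}/test-resources/...` in the jar script) with the previous property values restored in teardown, and the host-name check is better kept by issuing the test certificate for the server host. Separately, `testAllInOneBearer` no longer asserts the `sayHello()` result and has lost the `finally { bus.shutdown(true); }` of the old test, so the bus is never shut down and a wrong reply still passes. `setKeyManagers` also overwrites its `keyStoreLoc` argument, hard-codes `"cspass"`, and passes the `KeyManagerFactory` default algorithm to `TrustManagerFactory.getInstance`, where `TrustManagerFactory.getDefaultAlgorithm()` is the matching call.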
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustTestUtils.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustTestUtils.java 2014-03-11
16:07:15 UTC (rev 18495)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustTestUtils.java 2014-03-11
16:31:56 UTC (rev 18496)
@@ -202,40 +202,19 @@
public static void setupWsseAndSTSClientBearer(BindingProvider proxy, Bus bus) {
Map<String, Object> ctx = proxy.getRequestContext();
- ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
- ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
-
Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
-
Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
- //- used in at
org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doEncryption(AsymmetricBindingHandler.java:461)
- //- value MUST be myclientkey. 647 Merlin checks if alias isKeyEntry of keystore.
Using
- //- clientstore.jks. It appears signature and encrypt must be the same.
- ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myclientkey"
/*"myservicekey"*/);
- ctx.put(SecurityConstants.TIMESTAMP_FUTURE_TTL, "1200"); // rls DEBUGGING
only (20 min)
-
STSClient stsClient = new STSClient(bus);
+
Map<String, Object> props = stsClient.getProperties();
props.put(SecurityConstants.USERNAME, "alice");
props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- props.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
- props.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
- //todo: rls explain required use
-
stsClient.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-sam...;
-
stsClient.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/2005...;
- /*//- rls testing
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
-
Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
//"myservicekey");
- //----
- */
-
- // CXF is ignoring this because of the proxy WSDL policy type X509Token
ctx.put(SecurityConstants.STS_CLIENT, stsClient);
+
}
private static String appendIssuedTokenSuffix(String prop)
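Review bot: After this change the `STSClient` built in `setupWsseAndSTSClientBearer` is given no token type, key type, WSDL location, service name or endpoint name, and the same commit comments out the `<sp:Issuer>` metadata in BearerService.wsdl, so it is not visible from this hunk how the client locates the STS or asks for a bearer key. `testAllInOneBearer` sets the location and names by hand, which suggests the helper needs them too. The switch from `SIGNATURE_USERNAME`/`SIGNATURE_PROPERTIES` to `STS_TOKEN_USERNAME`/`STS_TOKEN_PROPERTIES` also removes `//todo: rls explain required use` without answering it. A one-line comment such as `// STS_TOKEN_* name the keystore alias and crypto properties the STSClient uses toward the STS (was SIGNATURE_*)` would record the reason.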
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.java 2014-03-11
16:07:15 UTC (rev 18495)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.java 2014-03-11
16:31:56 UTC (rev 18496)
@@ -26,6 +26,9 @@
import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface;
import javax.jws.WebService;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
@WebService
(
@@ -36,11 +39,17 @@
endpointInterface =
"org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer.BearerIface"
)
@EndpointProperties(value = {
- @EndpointProperty(key = "ws-security.signature.username", value =
"myclientkey" ), // "myservicekey"
- @EndpointProperty(key = "ws-security.signature.properties", value =
"xclientKeystore.properties"), // rls test serviceKeystore.properties
- @EndpointProperty(key = "ws-security.encryption.properties", value =
"xclientKeystore.properties"), // rls test serviceKeystore.properties
- @EndpointProperty(key = "ws-security.callback-handler", value =
"org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer.BearerCallbackHandler")
+ @EndpointProperty(key = "ws-security.is-bsp-compliant", value =
"false"),
+ //- @EndpointProperty(key = "ws-security.signature.username", value =
"myservicekey" ),
+ @EndpointProperty(key = "ws-security.signature.properties", value =
"serviceKeystore.properties"),
+ //- @EndpointProperty(key = "ws-security.encryption.properties", value =
"serviceKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value =
"org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer.BearerCallbackHandler")
})
+/**
+@ServletSecurity(
+ @HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL
+ ))
+ **/
public class BearerImpl implements BearerIface
{
public String sayHello()
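Review bot: The `@ServletSecurity(@HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL))` annotation is added only inside a `/** ... **/` block, so it is a Javadoc comment on `BearerImpl`, not an active constraint. The `<security-constraint>` added to web.xml and the `https://...:8443` `soap:address` added to BearerService.wsdl in this commit are commented out in the same way. The WSDL binding now references `TransportSAML2BearerPolicy` with an `HttpsToken` while the endpoint is still published on `http://...:8080`, and a bearer SAML token sent without TLS can be reused by anyone able to read the request. Enabling the constraint (or the web.xml equivalent) together with the HTTPS address would make the deployment match the policy; until then the three `javax.servlet.annotation` imports added in the previous hunk are unused. The new `ws-security.is-bsp-compliant` = `false` property also needs a comment naming the BSP rule that the bearer exchange would otherwise fail.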
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.java 2014-03-11
16:07:15 UTC (rev 18495)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.java 2014-03-11
16:31:56 UTC (rev 18496)
@@ -25,10 +25,13 @@
import org.apache.cxf.annotations.EndpointProperty;
import org.apache.cxf.sts.StaticSTSProperties;
import org.apache.cxf.sts.operation.TokenIssueOperation;
+import org.apache.cxf.sts.operation.TokenValidateOperation;
import org.apache.cxf.sts.service.EncryptionProperties;
import org.apache.cxf.sts.service.ServiceMBean;
import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.delegation.HOKDelegationHandler;
import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
@@ -49,6 +52,7 @@
})
public class SampleSTSBearer extends SecurityTokenServiceProvider
{
+
public SampleSTSBearer() throws Exception
{
super();
@@ -58,35 +62,31 @@
props.setSignatureUsername("mystskey");
props.setCallbackHandlerClass(STSBearerCallbackHandler.class.getName());
props.setEncryptionCryptoProperties("stsKeystore.properties");
- props.setEncryptionUsername("useReqSigCert");
-
- // programmatic setting of the same encryption algorithm as in WSDL (sp:TripleDes)
- EncryptionProperties eProps = new EncryptionProperties();
- eProps.setEncryptionAlgorithm(SPConstants.TRIPLE_DES);
- props.setEncryptionProperties(eProps);
-
+ props.setEncryptionUsername("myservicekey");
props.setIssuer("DoubleItSTSIssuer");
-
List<ServiceMBean> services = new LinkedList<ServiceMBean>();
StaticService service = new StaticService();
service.setEndpoints(Arrays.asList(
// for STS testing only
"https://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-bearer/myBearerService.*",
-
// bearer serivce addresses
"http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-bearer/BearerService",
"http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-bearer/BearerService",
"http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-bearer/BearerService"
));
-
services.add(service);
TokenIssueOperation issueOperation = new TokenIssueOperation();
issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ issueOperation.getDelegationHandlers().add(new HOKDelegationHandler());
issueOperation.setServices(services);
- issueOperation.setEncryptIssuedToken(true); //todo: rls explain this
issueOperation.setStsProperties(props);
this.setIssueOperation(issueOperation);
+
+ TokenValidateOperation validationOperation = new TokenValidateOperation();
+ validationOperation.getTokenValidators().add(new SAMLTokenValidator());
+ validationOperation.setStsProperties(props);
+ this.setValidateOperation(validationOperation);
}
}
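Review bot: `issueOperation.setEncryptIssuedToken(true)` is removed while `setEncryptionCryptoProperties("stsKeystore.properties")` and the new `setEncryptionUsername("myservicekey")` stay, so the encryption settings look unused and the issued SAML assertion is presumably returned in clear text. For a bearer token that matters, because possession of the assertion is all a caller needs; either restore `issueOperation.setEncryptIssuedToken(true);` or drop the encryption settings and note that confidentiality relies on TLS. `HOKDelegationHandler` is added to a bearer sample without a comment explaining why a holder-of-key handler is needed, and the `EncryptionProperties` and `SPConstants` imports are left without a visible use. The constructor begins outside this hunk.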
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml 2014-03-11
16:07:15 UTC (rev 18495)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml 2014-03-11
16:31:56 UTC (rev 18496)
@@ -12,4 +12,17 @@
<servlet-name>TestSecurityTokenService</servlet-name>
<url-pattern>/SecurityTokenService/*</url-pattern>
</servlet-mapping>
+ <!--
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>restricted web services</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ -->
</web-app>
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService.wsdl
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService.wsdl 2014-03-11
16:07:15 UTC (rev 18495)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService.wsdl 2014-03-11
16:31:56 UTC (rev 18496)
@@ -32,33 +32,70 @@
</operation>
</portType>
<binding name="BearerServicePortBinding"
type="tns:BearerIface">
- <wsp:PolicyReference URI="#AsymmetricSAML2Policy" />
+ <wsp:PolicyReference URI="#TransportSAML2BearerPolicy" />
<soap:binding
transport="http://schemas.xmlsoap.org/soap/http"
style="document"/>
<operation name="sayHello">
<soap:operation soapAction=""/>
<input>
<soap:body use="literal"/>
+ <!-- -->
<wsp:PolicyReference URI="#Input_Policy" />
+
</input>
<output>
<soap:body use="literal"/>
+ <!-- -->
<wsp:PolicyReference URI="#Output_Policy" />
+
</output>
</operation>
</binding>
<service name="BearerService">
<port name="BearerServicePort"
binding="tns:BearerServicePortBinding">
- <soap:address
location="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-bearer/BearerService"/>
+ <!-- -->
+ <soap:address
+
location="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-bearer/BearerService"/>
+
+ <!-- rls require use the SSL address of JBoss (8443 is industry stnd address)
-->
+ <!--
+ <soap:address
+
location="https://@jboss.bind.address@:8443/jaxws-samples-wsse-policy-trust-bearer/BearerService"/>
+ -->
</port>
</service>
-
- <wsp:Policy wsu:Id="AsymmetricSAML2Policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <wsam:Addressing wsp:Optional="false">
- <wsp:Policy />
- </wsam:Addressing>
- <!--
+
+
+ <wsp:Policy wsu:Id="TransportSAML2BearerPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+ <!-- -->
+ <sp:TransportBinding
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+
<sp:SignedSupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
<wsp:Policy>
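Review bot: The new `TransportSAML2BearerPolicy` carries `<sp:TripleDes />` over as its algorithm suite. 3DES is a 64-bit-block cipher that current guidance deprecates, and a sample policy tends to be copied into real services; if the STS WSDL and key material allow it, `<sp:Basic256 />` or a stronger suite is a better default. The empty `<!-- -->` markers added around `soap:address` and the policy references carry no information and can be deleted. The policy element continues past the end of this hunk.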
@@ -71,121 +108,98 @@
<wsp:Policy>
<sp:RequireInternalReference />
</wsp:Policy>
+ <!--
<sp:Issuer>
-
<wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService</wsaws:Address>
+ <wsaw:Address>http://localhost:8080/SecurityTokenService/UT
+ </wsaw:Address>
+ <wsaw:Metadata>
+ <wsx:Metadata>
+ <wsx:MetadataSection>
+ <wsx:MetadataReference>
+
<wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+ </wsaw:Address>
+ </wsx:MetadataReference>
+ </wsx:MetadataSection>
+ </wsx:Metadata>
+ </wsaw:Metadata>
+ </sp:Issuer>
+ -->
- <wsaws:Metadata
xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
-
wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService?wsdl">
- <wsaw:ServiceName
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
-
xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
-
EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
- </wsaws:Metadata>
- </sp:Issuer>
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:SignedSupportingTokens>
- -->
+ <!--
+
<wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService/UT</wsaws:Address>
+ -->
+ <!--
+ <wsaws:Metadata
xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+
wsdli:wsdlLocation="http://@jboss.bind.address@:8443/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService?wsdl">
+ -->
- <sp:AsymmetricBinding
-
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
+ <!--
+ <sp:Issuer>
+
<wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService</wsaws:Address>
- <sp:IssuedToken
-
IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200...
- <sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- </wsp:Policy>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- </wsp:Policy>
- <sp:Issuer>
-
<wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService</wsaws:Address>
- <wsaws:Metadata
xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ <wsaws:Metadata
xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService?wsdl">
+
<wsaw:ServiceName
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
</wsaws:Metadata>
</sp:Issuer>
- </sp:IssuedToken>
-
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token
-
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- <sp:RequireIssuerSerialReference />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDes />
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax />
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp />
- <sp:OnlySignEntireHeadersAndBody />
+ -->
+ </sp:IssuedToken>
</wsp:Policy>
- </sp:AsymmetricBinding>
-
- <sp:Wss11
-
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ </sp:SignedSupportingTokens>
+ <sp:Wss11>
<wsp:Policy>
- <!--
- <sp:MustSupportRefKeyIdentifier />
- -->
<sp:MustSupportRefIssuerSerial />
<sp:MustSupportRefThumbprint />
<sp:MustSupportRefEncryptedKey />
</wsp:Policy>
</sp:Wss11>
- <sp:Trust13
-
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <sp:Trust13>
<wsp:Policy>
<sp:MustSupportIssuedTokens />
<sp:RequireClientEntropy />
<sp:RequireServerEntropy />
</wsp:Policy>
</sp:Trust13>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
- <!-- rls -->
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
<wsp:Policy wsu:Id="Input_Policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:EncryptedParts>
- <sp:Body />
- </sp:EncryptedParts>
- <sp:SignedParts>
- <sp:Body />
- <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
- <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
- <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
- <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
- <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
- <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
- <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
- </sp:SignedParts>
- </wsp:All>
- </wsp:ExactlyOne>
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <!--
+ <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="AckRequested"
+
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"
/>
+ <sp:Header Name="SequenceAcknowledgement"
+
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"
/>
+ <sp:Header Name="Sequence"
+
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"
/>
+ <sp:Header Name="CreateSequence"
+
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"
/>
+ -->
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
</wsp:Policy>
- <!-- rls -->
+
<wsp:Policy wsu:Id="Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
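Review bot: `Input_Policy` now signs only `Body` and the `To` header; `From`, `FaultTo`, `ReplyTo`, `MessageID`, `RelatesTo` and `Action` are moved into a comment, and the `Output_Policy` hunk that follows does the same. With a bearer token there is no proof-of-possession key, so message integrity presumably rests on the transport, yet the active `soap:address` in this WSDL is still `http://...:8080`, which leaves the unsigned addressing headers without integrity protection in transit. Either restore the header list or state the reliance explicitly, e.g. `<!-- addressing headers rely on the HttpsToken transport binding for integrity -->`, and serve the endpoint over HTTPS. The three commented-out `<sp:Issuer>` variants earlier in this hunk, one of them pointing at `http://localhost:8080/SecurityTokenService/UT`, are better deleted than left as alternatives inside the policy.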
@@ -195,12 +209,22 @@
<sp:SignedParts>
<sp:Body />
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <!--
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="AckRequested"
+
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"
/>
+ <sp:Header Name="SequenceAcknowledgement"
+
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"
/>
+ <sp:Header Name="Sequence"
+
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"
/>
+ <sp:Header Name="CreateSequence"
+
Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"
/>
+ -->
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
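Review bot: Commenting out the `From`, `FaultTo`, `ReplyTo`, `MessageID`, `RelatesTo` and `Action` entries in `Output_Policy`'s `sp:SignedParts` leaves only `Body` and `To` covered by the signature, so the reply-routing and correlation headers can be altered in transit without the signature check failing. The same block is commented out in `Input_Policy` earlier in this file and in the `Input_policy`/`Output_policy` definitions added to bearer-ws-trust-1.4-service.wsdl. The four WS-RM header entries are new but sit inside the comment, so they have no effect. If this is a temporary step for the bearer test, say so in place, e.g. `<!-- JBWS-3738: addressing headers left unsigned while debugging the bearer test; restore before this WSDL is reused -->`; otherwise restore the six entries.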
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl 2014-03-11
16:07:15 UTC (rev 18495)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl 2014-03-11
16:31:56 UTC (rev 18496)
@@ -115,16 +115,22 @@
</wsdl:portType>
<wsdl:binding name="UT_Binding" type="wstrust:STS">
- <wsp:PolicyReference URI="#UT_policy" />
+ <wsp:PolicyReference URI="#Bearer_Transport_policy" />
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="Issue">
<soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Iss...
/>
<wsdl:input>
+ <!-- -->
+ <wsp:PolicyReference URI="#Input_policy" />
+
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
+ <!-- -->
+ <wsp:PolicyReference URI="#Output_policy" />
+
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
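Review bot: The `wsp:PolicyReference` elements added to `wsdl:input`/`wsdl:output` of `Issue` (and of the next operation in the following hunk) point at policies that require a signed and encrypted `Body`, but the binding now references `Bearer_Transport_policy`, which as far as this diff shows defines only an `sp:HttpsToken` and no message-level key. In that case the parts are protected by TLS alone, and a reader of the WSDL may assume message-level signing and encryption that never takes place. Replace the empty `<!-- -->` placeholders with a statement of that, e.g. `<!-- Body protection comes from HTTPS (Bearer_Transport_policy); no WS-Security signature or encryption is applied -->`, or drop the references if they are not needed. The binding and port also keep their `UT_` names, which no longer describe the policy they carry.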
@@ -132,9 +138,15 @@
<soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Val...
/>
<wsdl:input>
+ <!-- -->
+ <wsp:PolicyReference URI="#Input_policy" />
+
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
+ <!-- -->
+ <wsp:PolicyReference URI="#Output_policy" />
+
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
@@ -182,41 +194,34 @@
<wsdl:service name="SecurityTokenService">
<wsdl:port name="UT_Port" binding="tns:UT_Binding">
- <soap:address
location="http://localhost:8080/SecurityTokenService/UT" />
+ <!--
+ <soap:address location="http://localhost:8080/SecurityTokenService/UT"
/>
+ -->
+ <!-- -->
+ <soap:address
location="https://localhost:8443/SecurityTokenService/UT" />
+
</wsdl:port>
</wsdl:service>
-
- <wsp:Policy wsu:Id="UT_policy">
+
+
+ <wsp:Policy wsu:Id="Bearer_Transport_policy">
<wsp:ExactlyOne>
<wsp:All>
- <wsap10:UsingAddressing/>
- <sp:AsymmetricBinding
+ <wsap10:UsingAddressing />
+ <!-- rls testing -->
+ <sp:TransportBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
<wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token
-
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token
-
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- <sp:RequireIssuerSerialReference />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy />
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:TripleDes />
+ <sp:Basic128 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
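Review bot: `sp:HttpsToken` is added with an empty `<wsp:Policy />`, so the policy does not ask for a client certificate, and with the X509 `InitiatorToken`/`RecipientToken` removed the caller is identified only by whatever supporting token the rest of the policy requires. If that is intended for the bearer scenario, record it instead of `<!-- rls testing -->`, e.g. `<!-- Bearer STS: server-authenticated TLS only; client identity comes from the supporting token -->`; if mutual TLS is wanted, add `<sp:RequireClientCertificate />` inside the `HttpsToken` policy. The commented-out `http://localhost:8080` address should be deleted rather than kept, since the transport policy cannot be met over plain HTTP. The policy body continues past the end of this hunk.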
@@ -225,9 +230,38 @@
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
- <sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
- </sp:AsymmetricBinding>
+ </sp:TransportBinding>
+
+ <sp:SignedSupportingTokens
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <wsp:ExactlyOne>
+ <!-- -->
+ <wsp:All>
+ <wsp:Policy>
+ <sp:UsernameToken
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
+ <wsp:Policy>
+ <sp:WssUsernameToken10 />
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </wsp:All>
+
+ <wsp:All>
+ <wsp:Policy>
+ <sp:SamlToken
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
+ <wsp:Policy>
+ <sp:WssSamlV20Token11 />
+ </wsp:Policy>
+ </sp:SamlToken>
+ </wsp:Policy>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
<sp:Wss11
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
<wsp:Policy>
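Review bot: The `sp:UsernameToken` alternative uses `sp:WssUsernameToken10` with neither `sp:HashPassword` nor `sp:NoPassword`, so the password is carried as text in the SOAP header and is protected only by the TLS channel; under a transport binding, `sp:SignedSupportingTokens` appears to add no message-level signature over it. That means any hop that terminates TLS sees the credential, which should be stated next to the assertion, e.g. `<!-- password sent as text; confidentiality relies on HTTPS -->` in place of the empty `<!-- -->`. The `sp:IncludeToken` values are truncated on this page and could not be checked, and the enclosing policy starts before this hunk.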
@@ -247,5 +281,54 @@
</sp:Trust13>
</wsp:All>
</wsp:ExactlyOne>
- </wsp:Policy>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <sp:Body />
+ <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <!--
+ <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
+ -->
+ </sp:SignedParts>
+ <sp:EncryptedParts
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <sp:Body />
+ <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <!--
+ <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
+ -->
+ </sp:SignedParts>
+ <sp:EncryptedParts
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
</wsdl:definitions>