Author: alessio.soldano(a)jboss.com Date: 2013-02-28 08:00:27 -0500 (Thu, 28 Feb 2013) New Revision: 17370 Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstAttachmentPolicyService.java thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstAttachmentPolicyServiceImpl.java thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/SslUsernamePasswordAttachmentService.java thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/SslUsernamePasswordAttachmentServiceImpl.java thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/URIDomainExpressionBuilder.java thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/UriDomainExpression.java thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/server/JavaFirstPolicyServer.java thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/SslUsernamePasswordAttachment.xml thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/UsernamePasswordAttachment.xml thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/javafirstclient.xml thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/javafirstserver.xml Modified: thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java Log: backport CXF-4776 fix, some tests and required part of CXF-4646 Modified: thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java 2013-02-28 11:50:46 UTC (rev 17369) +++ thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -147,6 +147,7 @@ } else if (primitive instanceof Token) { supportingToken.addToken((Token) primitive); + ((Token)primitive).setSupportingToken(supportingToken); } } } Modified: thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java 2013-02-28 11:50:46 UTC (rev 17369) +++ thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -117,6 +117,7 @@ } else if (primitive instanceof Token) { supportingToken.addToken((Token)primitive); + ((Token)primitive).setSupportingToken(supportingToken); } } } Modified: thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java 2013-02-28 11:50:46 UTC (rev 17369) +++ thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -39,6 +39,11 @@ private String issuerName; + /** + * A Reference to a parent SupportingToken assertion + */ + private SupportingToken supportingToken; + public Token(SPConstants version) { super(version); } @@ -103,4 +108,12 @@ public void setIssuerName(String issuerName) { this.issuerName = issuerName; } + + public SupportingToken getSupportingToken() { + return supportingToken; + } + + public void setSupportingToken(SupportingToken supportingToken) { + this.supportingToken = supportingToken; + } } Modified: thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java 2013-02-28 11:50:46 UTC (rev 17369) +++ thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -55,6 +55,7 @@ import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.SP12Constants; import org.apache.cxf.ws.security.policy.SPConstants; +import org.apache.cxf.ws.security.policy.model.SupportingToken; import org.apache.cxf.ws.security.policy.model.UsernameToken; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSDocInfo; @@ -245,8 +246,11 @@ tok = (UsernameToken)ai.getAssertion(); if (princ != null && tok.isHashPassword() != princ.isPasswordDigest()) { ai.setNotAsserted("Password hashing policy not enforced"); + } else if (princ != null && !tok.isNoPassword() && (princ.getPassword() == null) + && isNonEndorsingSupportingToken(tok)) { + ai.setNotAsserted("Username Token No Password supplied"); } else { - ai.setAsserted(true); + ai.setAsserted(true); } } ais = aim.getAssertionInfo(SP12Constants.SUPPORTING_TOKENS); @@ -259,6 +263,26 @@ } return tok; } + + /** + * Return true if this UsernameToken policy is a (non-endorsing)SupportingToken. If this is + * true then the corresponding UsernameToken must have a password element. + */ + private boolean isNonEndorsingSupportingToken( + org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy + ) { + SupportingToken supportingToken = usernameTokenPolicy.getSupportingToken(); + if (supportingToken != null) { + SPConstants.SupportTokenType type = supportingToken.getTokenType(); + if (type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SUPPORTING + || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED + || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED + || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENCRYPTED) { + return true; + } + } + return false; + } private void addUsernameToken(SoapMessage message) { UsernameToken tok = assertUsernameTokens(message, null); Modified: thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java 2013-02-28 11:50:46 UTC (rev 17369) +++ thirdparty/cxf/branches/cxf-2.4.10/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -29,6 +29,8 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.policy.SP12Constants; +import org.apache.cxf.ws.security.policy.SPConstants; +import org.apache.cxf.ws.security.policy.model.SupportingToken; import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSSecurityEngineResult; import org.apache.ws.security.message.token.UsernameToken; @@ -94,10 +96,15 @@ ai.setNotAsserted("Password hashing policy not enforced"); return false; } - if (usernameTokenPolicy.isNoPassword() && usernameToken.getPassword() != null) { + if (usernameTokenPolicy.isNoPassword() && (usernameToken.getPassword() != null)) { ai.setNotAsserted("Username Token NoPassword policy not enforced"); return false; + } else if (!usernameTokenPolicy.isNoPassword() && (usernameToken.getPassword() == null) + && isNonEndorsingSupportingToken(usernameTokenPolicy)) { + ai.setNotAsserted("Username Token No Password supplied"); + return false; } + if (usernameTokenPolicy.isRequireCreated() && (usernameToken.getCreated() == null || usernameToken.isHashed())) { ai.setNotAsserted("Username Token Created policy not enforced"); @@ -112,4 +119,24 @@ return true; } + /** + * Return true if this UsernameToken policy is a (non-endorsing)SupportingToken. If this is + * true then the corresponding UsernameToken must have a password element. + */ + private boolean isNonEndorsingSupportingToken( + org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy + ) { + SupportingToken supportingToken = usernameTokenPolicy.getSupportingToken(); + if (supportingToken != null) { + SPConstants.SupportTokenType type = supportingToken.getTokenType(); + if (type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SUPPORTING + || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED + || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED + || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENCRYPTED) { + return true; + } + } + return false; + } + } Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstAttachmentPolicyService.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstAttachmentPolicyService.java (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstAttachmentPolicyService.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,39 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.policy; + +import javax.jws.WebMethod; +import javax.jws.WebService; + +@WebService(name = "JavaFirstAttachmentPolicyService", +targetNamespace = "http://www.example.org/contract/JavaFirstAttachmentPolicyService") +public interface JavaFirstAttachmentPolicyService { + @WebMethod(operationName = "doOperationLevelPolicy") + void doOperationLevelPolicy(); + + @WebMethod(operationName = "doInputMessagePolicy") + void doInputMessagePolicy(); + + @WebMethod(operationName = "doOutputMessagePolicy") + void doOutputMessagePolicy(); + + @WebMethod(operationName = "doNoPolicy") + void doNoPolicy(); +} Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstAttachmentPolicyServiceImpl.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstAttachmentPolicyServiceImpl.java (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstAttachmentPolicyServiceImpl.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,39 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.policy; + +import javax.jws.WebService; + +@WebService(endpointInterface = "org.apache.cxf.systest.ws.policy.JavaFirstAttachmentPolicyService", +serviceName = "JavaFirstAttachmentPolicyService", +targetNamespace = "http://www.example.org/contract/JavaFirstAttachmentPolicyService") +public class JavaFirstAttachmentPolicyServiceImpl implements JavaFirstAttachmentPolicyService { + public void doOperationLevelPolicy() { + } + + public void doInputMessagePolicy() { + } + + public void doOutputMessagePolicy() { + } + + public void doNoPolicy() { + } +} Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,162 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.policy; + +import java.io.File; +import java.util.HashMap; +import java.util.Map; + +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.systest.ws.policy.server.JavaFirstPolicyServer; +import org.apache.cxf.systest.ws.wssec11.client.UTPasswordCallback; +import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; + +import org.apache.ws.security.WSConstants; +import org.apache.ws.security.handler.WSHandlerConstants; + +import org.junit.BeforeClass; + +import org.springframework.context.support.ClassPathXmlApplicationContext; + +public class JavaFirstPolicyServiceTest extends AbstractBusClientServerTestBase { + static final String PORT = allocatePort(JavaFirstPolicyServer.class); + static final String PORT2 = allocatePort(JavaFirstPolicyServer.class, 2); + + @BeforeClass + public static void startServers() throws Exception { + assertTrue("Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(JavaFirstPolicyServer.class, true)); + } + + @org.junit.AfterClass + public static void cleanup() throws Exception { + String tmpDir = System.getProperty("java.io.tmpdir"); + if (tmpDir != null) { + File[] tmpFiles = new File(tmpDir).listFiles(); + if (tmpFiles != null) { + for (File tmpFile : tmpFiles) { + if (tmpFile.exists() && (tmpFile.getName().startsWith("ws-security.nonce.cache.instance") + || tmpFile.getName().startsWith("ws-security.timestamp.cache.instance"))) { + tmpFile.delete(); + } + } + } + } + stopAllServers(); + } + + @org.junit.Test + public void testUsernameTokenInterceptorNoPasswordValidation() { + ClassPathXmlApplicationContext ctx = + new ClassPathXmlApplicationContext("org/apache/cxf/systest/ws/policy/client/javafirstclient.xml"); + + JavaFirstAttachmentPolicyService svc = + (JavaFirstAttachmentPolicyService) ctx.getBean("JavaFirstAttachmentPolicyServiceClient"); + + Client client = ClientProxy.getClient(svc); + client.getEndpoint().getEndpointInfo().setAddress( + "http://localhost:" + PORT + "/JavaFirstAttachmentPolicyService"); + + WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(); + client.getEndpoint().getOutInterceptors().add(wssOut); + + // just some basic sanity tests first to make sure that auth is working where password is provided. + wssOut.setProperties(getPasswordProperties("alice", "password")); + svc.doInputMessagePolicy(); + + wssOut.setProperties(getPasswordProperties("alice", "passwordX")); + try { + svc.doInputMessagePolicy(); + fail("Expected authentication failure"); + } catch (Exception e) { + assertTrue(true); + } + + wssOut.setProperties(getNoPasswordProperties("alice")); + + try { + svc.doInputMessagePolicy(); + fail("Expected authentication failure"); + } catch (Exception e) { + assertTrue(true); + } + } + + @org.junit.Test + public void testUsernameTokenPolicyValidatorNoPasswordValidation() { + ClassPathXmlApplicationContext ctx = + new ClassPathXmlApplicationContext("org/apache/cxf/systest/ws/policy/client/javafirstclient.xml"); + + SslUsernamePasswordAttachmentService svc = + (SslUsernamePasswordAttachmentService) ctx.getBean("SslUsernamePasswordAttachmentServiceClient"); + + Client client = ClientProxy.getClient(svc); + client.getEndpoint().getEndpointInfo().setAddress( + "https://localhost:" + PORT2 + "/SslUsernamePasswordAttachmentService"); + + WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(); + client.getEndpoint().getOutInterceptors().add(wssOut); + + // just some basic sanity tests first to make sure that auth is working where password is provided. + wssOut.setProperties(getPasswordProperties("alice", "password")); + svc.doSslAndUsernamePasswordPolicy(); + + wssOut.setProperties(getPasswordProperties("alice", "passwordX")); + try { + svc.doSslAndUsernamePasswordPolicy(); + fail("Expected authentication failure"); + } catch (Exception e) { + assertTrue(true); + } + + wssOut.setProperties(getNoPasswordProperties("alice")); + + try { + svc.doSslAndUsernamePasswordPolicy(); + fail("Expected authentication failure"); + } catch (Exception e) { + assertTrue(true); + } + } + + private Map<String, Object> getPasswordProperties(String username, String password) { + UTPasswordCallback callback = new UTPasswordCallback(); + callback.setAliasPassword(username, password); + + Map<String, Object> outProps = new HashMap<String, Object>(); + outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); + outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); + outProps.put(WSHandlerConstants.PW_CALLBACK_REF, callback); + outProps.put(WSHandlerConstants.USER, username); + return outProps; + } + + private Map<String, Object> getNoPasswordProperties(String username) { + Map<String, Object> outProps = new HashMap<String, Object>(); + outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); + outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_NONE); + outProps.put(WSHandlerConstants.USER, username); + return outProps; + } +} Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/SslUsernamePasswordAttachmentService.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/SslUsernamePasswordAttachmentService.java (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/SslUsernamePasswordAttachmentService.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,30 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.policy; + +import javax.jws.WebMethod; +import javax.jws.WebService; + +@WebService(name = "SslUsernamePasswordAttachmentService", +targetNamespace = "http://www.example.org/contract/SslUsernamePasswordAttachmentService") +public interface SslUsernamePasswordAttachmentService { + @WebMethod(operationName = "doSslAndUsernamePasswordPolicy") + void doSslAndUsernamePasswordPolicy(); +} Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/SslUsernamePasswordAttachmentServiceImpl.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/SslUsernamePasswordAttachmentServiceImpl.java (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/SslUsernamePasswordAttachmentServiceImpl.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,31 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.policy; + +import javax.jws.WebService; + +@WebService(endpointInterface = "org.apache.cxf.systest.ws.policy.SslUsernamePasswordAttachmentService", +serviceName = "SslUsernamePasswordAttachmentService", +targetNamespace = "http://www.example.org/contract/SslUsernamePasswordAttachmentService") +public class SslUsernamePasswordAttachmentServiceImpl implements SslUsernamePasswordAttachmentService { + public void doSslAndUsernamePasswordPolicy() { + } + +} Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/URIDomainExpressionBuilder.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/URIDomainExpressionBuilder.java (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/URIDomainExpressionBuilder.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,43 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.policy; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import javax.xml.namespace.QName; +import org.w3c.dom.Element; +import org.apache.cxf.ws.policy.attachment.external.DomainExpression; +import org.apache.cxf.ws.policy.attachment.external.DomainExpressionBuilder; + +public class URIDomainExpressionBuilder implements DomainExpressionBuilder { + private static final Collection<QName> SUPPORTED_TYPES = Collections.unmodifiableList( + Arrays.asList(new QName[] { + new QName("http://www.w3.org/ns/ws-policy";, "URI"), + new QName("http://schemas.xmlsoap.org/ws/2004/09/policy";, "URI")})); + + public DomainExpression build(Element paramElement) { + return new UriDomainExpression(paramElement.getTextContent()); + } + + public Collection<QName> getDomainExpressionTypes() { + return SUPPORTED_TYPES; + } +} Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/UriDomainExpression.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/UriDomainExpression.java (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/UriDomainExpression.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,66 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.policy; + +import org.apache.cxf.service.model.BindingFaultInfo; +import org.apache.cxf.service.model.BindingMessageInfo; +import org.apache.cxf.service.model.BindingOperationInfo; +import org.apache.cxf.service.model.EndpointInfo; +import org.apache.cxf.service.model.MessageInfo; +import org.apache.cxf.service.model.ServiceInfo; +import org.apache.cxf.ws.policy.attachment.external.DomainExpression; + +public class UriDomainExpression implements DomainExpression { + private final String url; + + public UriDomainExpression(final String url) { + this.url = url; + } + + public boolean appliesTo(BindingMessageInfo bmi) { + String serviceName = + bmi.getBindingOperation().getBinding().getService().getName().getLocalPart(); + + if ("JavaFirstAttachmentPolicyService".equals(serviceName) && "usernamepassword".equals(url)) { + return MessageInfo.Type.INPUT.equals(bmi.getMessageInfo().getType()); + } else if ("SslUsernamePasswordAttachmentService".equals(serviceName) + && "sslusernamepassword".equals(url)) { + return MessageInfo.Type.INPUT.equals(bmi.getMessageInfo().getType()); + } else { + return false; + } + } + + public boolean appliesTo(BindingOperationInfo arg0) { + return false; + } + + public boolean appliesTo(EndpointInfo arg0) { + return false; + } + + public boolean appliesTo(ServiceInfo arg0) { + return false; + } + + public boolean appliesTo(BindingFaultInfo arg0) { + return false; + } +} Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/server/JavaFirstPolicyServer.java =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/server/JavaFirstPolicyServer.java (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/server/JavaFirstPolicyServer.java 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,50 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.policy.server; + +import java.net.URL; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; + +import org.junit.Assert; + +public class JavaFirstPolicyServer extends AbstractBusTestServerBase { + + public JavaFirstPolicyServer() { + + } + + protected void run() { + URL busFile = JavaFirstPolicyServer.class.getResource("javafirstserver.xml"); + Bus busLocal = new SpringBusFactory().createBus(busFile); + BusFactory.setDefaultBus(busLocal); + Assert.assertNotNull(busLocal); + setBus(busLocal); + + try { + new JavaFirstPolicyServer(); + } catch (Exception e) { + e.printStackTrace(); + } + } +} Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/SslUsernamePasswordAttachment.xml =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/SslUsernamePasswordAttachment.xml (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/SslUsernamePasswordAttachment.xml 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8" ?> + +<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" + xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&... + + <wsp:AppliesTo> + <wsp:URI>sslusernamepassword</wsp:URI> + </wsp:AppliesTo> + + <wsp:Policy wsu:Id="UsernameToken" + xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w... + <wsp:ExactlyOne> + <wsp:All> + <sp:TransportBinding> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken> + <wsp:Policy /> + </sp:HttpsToken> + </wsp:Policy> + </sp:TransportToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax /> + </wsp:Policy> + </sp:Layout> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128 /> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:TransportBinding> + + <sp:SupportingTokens> + <wsp:Policy> + <sp:UsernameToken + sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/... + <wsp:Policy> + <sp:WssUsernameToken11 /> + </wsp:Policy> + </sp:UsernameToken> + </wsp:Policy> + </sp:SupportingTokens> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +</wsp:PolicyAttachment> \ No newline at end of file Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/UsernamePasswordAttachment.xml =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/UsernamePasswordAttachment.xml (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/java_first_policies/UsernamePasswordAttachment.xml 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="UTF-8" ?> + +<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" + xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&... + + <wsp:AppliesTo> + <wsp:URI>usernamepassword</wsp:URI> + </wsp:AppliesTo> + + <wsp:Policy wsu:Id="UsernameToken" + xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w... + <wsp:ExactlyOne> + <wsp:All> + <sp:SupportingTokens> + <wsp:Policy> + <sp:UsernameToken + sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/... + <wsp:Policy> + <sp:WssUsernameToken11 /> + </wsp:Policy> + </sp:UsernameToken> + </wsp:Policy> + </sp:SupportingTokens> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +</wsp:PolicyAttachment> \ No newline at end of file Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/javafirstclient.xml =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/javafirstclient.xml (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/javafirstclient.xml 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,61 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:jaxws="http://cxf.apache.org/jaxws" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:p="http://cxf.apache.org/policy" + xmlns:sec="http://cxf.apache.org/configuration/security" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd + http://www.w3.org/ns/ws-policy http://www.w3.org/2007/02/ws-policy.xsd" +> + <cxf:bus> + <cxf:features> + <p:policies/> + <cxf:logging/> + </cxf:features> + </cxf:bus> + + <http:conduit name="https://localhost:.*"> + <http:tlsClientParameters disableCNCheck="true"> + <sec:trustManagers> + <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Truststore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> + + <jaxws:client + id="JavaFirstAttachmentPolicyServiceClient" serviceClass="org.apache.cxf.systest.ws.policy.JavaFirstAttachmentPolicyService"> + </jaxws:client> + + <jaxws:client + id="SslUsernamePasswordAttachmentServiceClient" serviceClass="org.apache.cxf.systest.ws.policy.SslUsernamePasswordAttachmentService"> + </jaxws:client> + + + +</beans> Added: thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/javafirstserver.xml =================================================================== --- thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/javafirstserver.xml (rev 0) +++ thirdparty/cxf/branches/cxf-2.4.10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/javafirstserver.xml 2013-02-28 13:00:27 UTC (rev 17370) @@ -0,0 +1,97 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor + license agreements. See the NOTICE file distributed with this work for additional + information regarding copyright ownership. The ASF licenses this file to + you under the Apache License, Version 2.0 (the "License"); you may not use + this file except in compliance with the License. You may obtain a copy of + the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + OF ANY KIND, either express or implied. See the License for the specific + language governing permissions and limitations under the License. --> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configurati... + xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" + xmlns:p="http://cxf.apache.org/policy" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd + http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd + http://www.w3.org/ns/ws-policy http://www.w3.org/2007/02/ws-policy.xsd + "> + <bean + class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" /> + + <cxf:bus> + <cxf:features> + <p:policies /> + <cxf:logging /> + </cxf:features> + </cxf:bus> + + <httpj:engine-factory id="tls-settings"> + <httpj:engine port="${testutil.ports.JavaFirstPolicyServer.2}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/> + </sec:keyManagers> + <sec:cipherSuitesFilter> + <sec:include>.*_EXPORT_.*</sec:include> + <sec:include>.*_EXPORT1024_.*</sec:include> + <sec:include>.*_WITH_DES_.*</sec:include> + <sec:include>.*_WITH_AES_.*</sec:include> + <sec:include>.*_WITH_NULL_.*</sec:include> + <sec:exclude>.*_DH_anon_.*</sec:exclude> + </sec:cipherSuitesFilter> + <sec:clientAuthentication want="true" required="false"/> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> + + <p:externalAttachment location="classpath:java_first_policies/UsernamePasswordAttachment.xml" /> + <p:externalAttachment location="classpath:java_first_policies/SslUsernamePasswordAttachment.xml" /> + + <!-- register a policy attachment appliesto checker! --> + <bean id="uridomainexpressionbuilder" + class="org.apache.cxf.systest.ws.policy.URIDomainExpressionBuilder" /> + + <bean id="org.apache.cxf.systest.ws.policy.JavaFirstAttachmentPolicyService" + class="org.apache.cxf.systest.ws.policy.JavaFirstAttachmentPolicyServiceImpl" /> + + <bean id="org.apache.cxf.systest.ws.policy.SslUsernamePasswordAttachmentService" + class="org.apache.cxf.systest.ws.policy.SslUsernamePasswordAttachmentServiceImpl" /> + + <jaxws:endpoint id="JavaFirstAttachmentPolicyService" + address="http://localhost:${testutil.ports.JavaFirstPolicyServer}/JavaFirstAttachmentPolicyService" + implementor="#org.apache.cxf.systest.ws.policy.JavaFirstAttachmentPolicyService"> + + <jaxws:properties> + <entry key="ws-security.callback-handler" + value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" /> + </jaxws:properties> + + <jaxws:features> + <p:policies /> + </jaxws:features> + </jaxws:endpoint> + + <jaxws:endpoint id="SslUsernamePasswordAttachmentService" + address="https://localhost:${testutil.ports.JavaFirstPolicyServer.2}/SslUsernamePasswordAttachmentService" + implementor="#org.apache.cxf.systest.ws.policy.SslUsernamePasswordAttachmentService"> + + <jaxws:properties> + <entry key="ws-security.callback-handler" + value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" /> + </jaxws:properties> + + <jaxws:features> + <p:policies /> + </jaxws:features> + </jaxws:endpoint> +</beans>