Author: alessio.soldano(a)jboss.com
Date: 2012-04-11 12:10:32 -0400 (Wed, 11 Apr 2012)
New Revision: 16156
Added:
projects/interop/cxf/wsse-webapp/src/main/java/org/jboss/ws/cxf/interop/wsse/UsernameTokenJaasClient.java
projects/interop/cxf/wsse-webapp/src/main/webapp/usernametokenjaas.xhtml
Modified:
projects/interop/cxf/wsse-webapp/src/main/webapp/home.xhtml
Log:
Adding JAAS testcase and temporarily disabling the GCM one, which is not available on OpenShift
Added:
projects/interop/cxf/wsse-webapp/src/main/java/org/jboss/ws/cxf/interop/wsse/UsernameTokenJaasClient.java
===================================================================
---
projects/interop/cxf/wsse-webapp/src/main/java/org/jboss/ws/cxf/interop/wsse/UsernameTokenJaasClient.java
(rev 0)
+++
projects/interop/cxf/wsse-webapp/src/main/java/org/jboss/ws/cxf/interop/wsse/UsernameTokenJaasClient.java 2012-04-11
16:10:32 UTC (rev 16156)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.ws.cxf.interop.wsse;
+
+import java.io.Serializable;
+import java.net.URL;
+
+import javax.enterprise.context.SessionScoped;
+import javax.faces.application.FacesMessage;
+import javax.faces.component.UIComponent;
+import javax.faces.component.UIInput;
+import javax.faces.context.FacesContext;
+import javax.inject.Named;
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.ws.security.SecurityConstants;
+
+@Named
+@SessionScoped
+public class UsernameTokenJaasClient extends AbstractClient implements Serializable
+{
+ private static final long serialVersionUID = 2816529347065394478L;
+
+ private String expectedResponse = "Secure Hello World!";
+
+ public String getExpectedResponse()
+ {
+ return expectedResponse;
+ }
+
+ public void setExpectedResponse(String expectedResponse)
+ {
+ this.expectedResponse = expectedResponse;
+ }
+
+ public void runTest() {
+ String result = null;
+ try {
+ if (testUsernameTokenJaas(expectedResponse)) {
+ result = "Invocation successfully performed";
+ } else {
+ result = "Target enpoind didn't return expected message!";
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ result = "Invocation failed! " + e.getClass() + ": " +
e.getMessage();
+ } finally {
+ FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(result));
+ }
+ }
+
+ public void validateTargetEndpointAddress(FacesContext context, UIComponent
toValidate, Object value)
+ {
+ String input = (String) value;
+ try
+ {
+ new URL(input);
+ }
+ catch (Exception e)
+ {
+ ((UIInput) toValidate).setValid(false);
+ FacesMessage message = new FacesMessage("Invalid endpoint address;
can't build a URL from that.");
+ context.addMessage(toValidate.getClientId(context), message);
+ }
+ }
+
+ private boolean testUsernameTokenJaas(String expectedResponse) throws Exception
+ {
+ Bus bus = BusFactory.newInstance().createBus();
+ try
+ {
+ BusFactory.setThreadDefaultBus(bus);
+
+ QName serviceName = new
QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
"SecurityService");
+ URL wsdlURL = new URL(getWsdl());
+ Service service = Service.create(wsdlURL, serviceName);
+ ServiceIface proxy = (ServiceIface)service.getPort(ServiceIface.class);
+
((BindingProvider)proxy).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
getTargetEndpointAddress());
+ setupWsse(proxy, "kermit");
+ return expectedResponse.equals(proxy.sayHello());
+ }
+ finally
+ {
+ bus.shutdown(true);
+ }
+ }
+
+ private void setupWsse(ServiceIface proxy, String username)
+ {
+ ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.USERNAME,
username);
+
((BindingProvider)proxy).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
"org.jboss.ws.cxf.interop.wsse.UsernamePasswordCallback");
+ }
+
+ @Override
+ protected String getTargetEndpointPath()
+ {
+ return
"/jaxws-samples-wsse-policy-username-jaas-ejb/SecurityService/EJBServiceImpl";
+ }
+}
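Review bot: validateTargetEndpointAddress accepts anything `new URL(input)` can parse, so the address that testUsernameTokenJaas later sets as ENDPOINT_ADDRESS_PROPERTY is not limited to web-service endpoints. Because the bean runs on the server, the form field in usernametokenjaas.xhtml lets any visitor point a server-side request, presumably carrying the UsernameToken, at a host of their choosing. At minimum, restrict the scheme inside the existing try block with `String scheme = new URL(input).getProtocol();` followed by `if (!"http".equals(scheme) && !"https".equals(scheme)) throw new IllegalArgumentException("unsupported scheme");`, and consider a host allowlist or rejecting loopback and private addresses if the deployment is public. The catch block in runTest also returns `e.getClass()` and `e.getMessage()` to the page, which reports connection-level detail about whatever host was entered; a generic failure message, with the detail written to the server log instead of `e.printStackTrace()`, would be safer. How targetEndpointAddress is stored and defaulted lives in AbstractClient, which this commit does not show.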
Modified: projects/interop/cxf/wsse-webapp/src/main/webapp/home.xhtml
===================================================================
--- projects/interop/cxf/wsse-webapp/src/main/webapp/home.xhtml 2012-04-11 15:03:42 UTC
(rev 16155)
+++ projects/interop/cxf/wsse-webapp/src/main/webapp/home.xhtml 2012-04-11 16:10:32 UTC
(rev 16156)
@@ -19,6 +19,7 @@
<li><a
href="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/ws-sec...
target="_new">WS-Security Policy 1.3</a></li>
<li><a
href="http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-SOAPMessa...
target="_new">SOAP Message Security 1.1</a></li>
<li><a
href="http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-x509Token...
target="_new">X.509 Certificate Token Profile 1.1</a></li>
+ <li><a
href="http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-UsernameT...
Token Profile 1.1</a></li>
</ul>
</div>
@@ -26,8 +27,9 @@
<div>
<ol>
<li><a href="usernametoken.jsf">UsernameToken with plain
text password</a></li>
+ <li><a href="usernametokenjaas.jsf">UsernameToken with
plain text password (JAAS)</a></li>
<li><a href="signencrypt.jsf">Mutual Authentication with
X.509 Certificates, Sign, Encrypt</a></li>
- <li><a href="signencryptgcm.jsf">Mutual Authentication
with X.509 Certificates, Sign, Encrypt (GCM algorithm)</a></li>
+<!-- <li><a href="signencryptgcm.jsf">Mutual
Authentication with X.509 Certificates, Sign, Encrypt (GCM algorithm)</a></li>
-->
</ol>
</div>
</div>
Added: projects/interop/cxf/wsse-webapp/src/main/webapp/usernametokenjaas.xhtml
===================================================================
--- projects/interop/cxf/wsse-webapp/src/main/webapp/usernametokenjaas.xhtml
(rev 0)
+++ projects/interop/cxf/wsse-webapp/src/main/webapp/usernametokenjaas.xhtml 2012-04-11
16:10:32 UTC (rev 16156)
@@ -0,0 +1,102 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html
xmlns="http://www.w3.org/1999/xhtml"
+
xmlns:ui="http://java.sun.com/jsf/facelets"
+
xmlns:h="http://java.sun.com/jsf/html"
+
xmlns:f="http://java.sun.com/jsf/core">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
+<title>JBossWS - CXF WS-Security Interop</title>
+</head>
+
+<body>
+ <div id="content">
+ <h1>UsernameToken with plain text password (JAAS)</h1>
+ <h:form id="usernameTokenForm">
+ <div>
+ <h2>Scenario description</h2>
+ <p>
+ The policy defining this scenario says that the requestor/initiator must
send a password in a UsernameToken in a WS-Security header to the recipient
+ (who as the authority will validate the password). The password is required
because that is the default requirement for the Web Services Security Username Token
Profile 1.x.
+ This setup is only recommended where confidentiality of the message is not
an issue, such as a pre-production test scenario with dummy passwords.
+ </p>
+ <p>
+ The test endpoint for this scenario is connected through JAAS to the JBoss
AS 7 security layer and uses the <i>JBossWS</i> security domain:
+ <pre>
+@Stateless(name = "EjbEndpoint")
+@WebService
+(
+ portName = "SecurityServicePort",
+ serviceName = "SecurityService",
+ wsdlLocation = "META-INF/wsdl/SecurityService.wsdl",
+ targetNamespace =
"http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
+ endpointInterface =
"org.jboss.test.ws.jaxws.samples.wsse.policy.jaas.ServiceIface"
+)
+@SecurityDomain("JBossWS")
+@EndpointConfig(configFile = "META-INF/jaxws-endpoint-config.xml", configName =
"Custom WS-Security Endpoint")
+//be sure to have dependency on org.apache.cxf module when on AS7, otherwise Apache CXF
annotations are ignored
+@InInterceptors(interceptors =
{"org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"})
+public class EJBServiceImpl
+{
+ // Provide logging
+ private static Logger log = Logger.getLogger(EJBServiceImpl.class);
+
+ @WebMethod
+ @RolesAllowed("friend")
+ public String sayHello()
+ {
+ log.info("Saying hello");
+ return "Secure Hello World!";
+ }
+
+ @WebMethod
+ @RolesAllowed("snoopies")
+ public String greetMe()
+ {
+ log.info("Greeting");
+ return "Greetings!";
+ }
+}
+ </pre>
+ </p>
+
+ <h2>Resources</h2>
+ <p>
+ <ul>
+ <li><a href="#{usernameTokenJaasClient.wsdl}"
target="_new">WSDL</a></li>
+ <li>Authorized username/password:
<i><b>kermit</b></i> /
<i><b>thefrog</b></i></li>
+ </ul>
+ </p>
+
+ <h2>Test server</h2>
+ <p>
+ A sample endpoint is deployed and advertises the WSDL contract above. Feel
free to use your client against that.
+ </p>
+
+ <h2>Test</h2>
+ <p>
+ Here you can try a pre-built test client; the client invokes the
<i>sayHello</i> operation defined for the test endpoint advertised the WSDL
contract above.
+ Please fill-in the target endpoint address (if you want to test your
endpoint implementation of the above WSDL) and expected "hello" reply.
+ Then let the client perform the invocation.
+ <div>
+ <h:messages id="messages" globalOnly="false" />
+ </div>
+ <div>
+ Target endpoint: <h:inputText id="inputTargetEndpoint"
value="#{usernameTokenJaasClient.targetEndpointAddress}"
+ required="true" size="40"
+
validator="#{usernameTokenJaasClient.validateTargetEndpointAddress}"
/><br/>
+ Expected response message: <h:inputText
id="inputExpectedResponseMessage"
value="#{usernameTokenJaasClient.expectedResponse}"
+ required="true" size="30" /><br/>
+ <h:commandButton id="testButton" value="Test"
+ action="#{usernameTokenJaasClient.runTest}" />
+ </div>
+ </p>
+ </div>
+ </h:form>
+ <div>
+ <a href="home.jsf">Back to home</a>
+ </div>
+ </div>
+</body>
+</html>
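Review bot: The Resources list publishes a working username and password (`kermit` / `thefrog`) for the `JBossWS` security domain named in the endpoint listing above it. That is acceptable for an interop demo only if the domain holds nothing but throwaway accounts on the host where this is deployed. I would add a comment beside that list item, `<!-- demo-only account; the JBossWS domain on this deployment must not contain real users -->`, so the constraint survives later edits. Separately, the `<pre>`, `<ul>` and `<div>` elements sit inside `<p>`, which XHTML 1.0 Transitional does not allow; closing each `<p>` before the block element would keep the page valid against its declared DOCTYPE.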