Author: rsearls
Date: 2014-03-02 14:52:31 -0500 (Sun, 02 Mar 2014)
New Revision: 18447
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustBearerTestCase.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerCallbackHandler.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerIface.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/STSBearerCallbackHandler.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.java
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService.wsdl
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService_schema1.xsd
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustTestUtils.java
Log:
[JBWS-3738] basic components for WS-Trust Bearer test.
Modified: stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml 2014-03-02
19:09:16 UTC (rev 18446)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/scripts/cxf-samples-jars-jaxws.xml 2014-03-02
19:52:31 UTC (rev 18447)
@@ -541,6 +541,49 @@
value="org.jboss.ws.cxf.jbossws-cxf-client,
org.apache.cxf.impl"/>
</manifest>
</war>
+
+ <!-- jaxws-samples-wsse-policy-trust-sts-bearer -->
+ <war
+
warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-trust-sts-bearer.war"
+
webxml="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml">
+ <classes dir="${tests.output.dir}/test-classes">
+ <include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.class"/>
+ <include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/STSBearerCallbackHandler.class"/>
+ </classes>
+ <webinf
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF">
+ <include name="wsdl/bearer-ws-trust*"/>
+ <include name="jboss-web.xml"/>
+ </webinf>
+ <zipfileset
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF"
prefix="WEB-INF/classes">
+ <include name="stsstore.jks" />
+ <include name="stsKeystore.properties" />
+ </zipfileset>
+ <manifest>
+ <attribute name="Dependencies"
value="org.jboss.ws.cxf.jbossws-cxf-client,org.apache.cxf.impl annotations"/>
<!-- cxf impl required to extend STS impl -->
+ </manifest>
+ </war>
+
+ <!-- jaxws-samples-wsse-policy-trust-bearer -->
+ <war
+
warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-trust-bearer.war"
needxmlfile='false'>
+ <classes dir="${tests.output.dir}/test-classes">
+ <include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerIface.class"/>
+ <include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.class"/>
+ <include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/Say*.class"/>
+ <include
name="org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerCallbackHandler.class"/>
+ </classes>
+ <webinf
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF">
+ <include name="wsdl/Bearer*"/>
+ </webinf>
+ <zipfileset
dir="${tests.output.dir}/test-resources/jaxws/samples/wsse/policy/trust/WEB-INF"
prefix="WEB-INF/classes">
+ <include name="servicestore.jks" />
+ <include name="serviceKeystore.properties" />
+ </zipfileset>
+ <manifest>
+ <attribute name="Dependencies"
value="org.jboss.ws.cxf.jbossws-cxf-client"/>
+ </manifest>
+ </war>
+
<!-- jaxws-samples-wsse-policy-trustPicketLink-sts -->
<war
warfile="${tests.output.dir}/test-libs/jaxws-samples-wsse-policy-trustPicketLink-sts.war"
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustBearerTestCase.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustBearerTestCase.java
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustBearerTestCase.java 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust;
+
+import junit.framework.Test;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer.BearerIface;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.ClientCallbackHandler;
+import org.jboss.wsf.test.JBossWSTest;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import java.net.URL;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+/**
+ * A demo of using SAML Bearer key type
+ *
+ * User: rsearls(a)redhat.com
+ * Date: 2/24/14
+ */
+public class WSTrustBearerTestCase extends JBossWSTest
+{
+ private final String serviceURL = "http://" + getServerHost()
+ + ":8080/jaxws-samples-wsse-policy-trust-bearer/BearerService";
+ private final String stsURL = "http://" + getServerHost()
+ +
":8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService";
+
+ public static Test suite()
+ {
+ //deploy client, STS and service; start a security domain to be used by the STS for
authenticating client
+ return WSTrustTestUtils.getTestSetup(WSTrustBearerTestCase.class,
+ "jaxws-samples-wsse-policy-trust-client.jar
jaxws-samples-wsse-policy-trust-sts-bearer.war
jaxws-samples-wsse-policy-trust-bearer.war");
+ }
+
+ /**
+ * @throws Exception
+ */
+ public void TMP_DISABLE_testBearer() throws Exception
+ {
+ Bus bus = BusFactory.newInstance().createBus();
+ try
+ {
+ BusFactory.setThreadDefaultBus(bus);
+
+ final QName serviceName = new
QName("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypo...;,
"BearerService");
+ final URL wsdlURL = new URL(serviceURL + "?wsdl");
+ Service service = Service.create(wsdlURL, serviceName);
+ BearerIface proxy = (BearerIface) service.getPort(BearerIface.class);
+
+ WSTrustTestUtils.setupWsseAndSTSClientBearer((BindingProvider) proxy, bus);
+
+ assertEquals("Bearer WS-Trust Hello World!", proxy.sayHello());
+ }
+ finally
+ {
+ bus.shutdown(true);
+ }
+ }
+
+ /**
+ * TMEP: Just for isolating testing of STS' generation of Bearer security token
+ * @throws Exception
+ */
+ public void testSTSBearer() throws Exception
+ {
+ final QName stsServiceName = new
QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
"SecurityTokenService");
+ final QName stsPortName = new
QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
"UT_Port");
+
+
+ Bus bus = BusFactory.newInstance().createBus();
+ try
+ {
+ BusFactory.setThreadDefaultBus(bus);
+
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setWsdlLocation(stsURL + "?wsdl");
+ stsClient.setServiceQName(stsServiceName);
+ stsClient.setEndpointQName(stsPortName);
+
+
stsClient.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-sam...;
+
stsClient.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/2005...;
+
+
stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressi...;
+
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "alice");
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ props.put(SecurityConstants.SIGNATURE_PROPERTIES,
+
Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ //props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO,
"true");
+
+
+ try {
+ //- rls test -- NOTE: using https and NOT http here.
+ SecurityToken st = stsClient.requestSecurityToken(
+
"https://localhost:8080/jaxws-samples-wsse-policy-trust-bearer/myBearerService");
+ } catch (Exception e){
+ System.out.println("##Error: " + e);
+ e.printStackTrace();
+ }
+ }
+ finally
+ {
+ bus.shutdown(true);
+ }
+ }
+}
Modified:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustTestUtils.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustTestUtils.java 2014-03-02
19:09:16 UTC (rev 18446)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/WSTrustTestUtils.java 2014-03-02
19:52:31 UTC (rev 18447)
@@ -29,6 +29,7 @@
import org.apache.cxf.Bus;
import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.ClientCallbackHandler;
import
org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.UsernameTokenCallbackHandler;
@@ -198,7 +199,28 @@
ctx.put(SecurityConstants.STS_CLIENT, stsClient);
}
+ public static void setupWsseAndSTSClientBearer(BindingProvider proxy, Bus bus) {
+ Map<String, Object> ctx = proxy.getRequestContext();
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+
+ STSClient stsClient = new STSClient(bus);
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "alice");
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ props.put(SecurityConstants.SIGNATURE_PROPERTIES,
+
Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+ //todo: rls explain required use
+
stsClient.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-sam...;
+
stsClient.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/2005...;
+
+ // CXF is ignoring this because of the proxy WSDL policy type X509Token
+ ctx.put(SecurityConstants.STS_CLIENT, stsClient);
+ }
+
private static String appendIssuedTokenSuffix(String prop)
{
return prop + ".it";
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerCallbackHandler.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerCallbackHandler.java
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerCallbackHandler.java 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *
http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class BearerCallbackHandler extends PasswordCallbackHandler
+{
+
+ public BearerCallbackHandler()
+ {
+ super(getInitMap());
+ }
+
+ private static Map<String, String> getInitMap()
+ {
+ Map<String, String> passwords = new HashMap<String, String>();
+ passwords.put("myservicekey", "skpass");
+ return passwords;
+ }
+}
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerIface.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerIface.java
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerIface.java 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,35 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+@WebService
+(
+ targetNamespace =
"http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
+)
+public interface BearerIface
+{
+ @WebMethod
+ String sayHello();
+}
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.java
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/bearer/BearerImpl.java 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface;
+
+import javax.jws.WebService;
+
+@WebService
+(
+ portName = "BearerServicePort",
+ serviceName = "BearerService",
+ wsdlLocation = "WEB-INF/wsdl/BearerService.wsdl",
+ targetNamespace =
"http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy",
+ endpointInterface =
"org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer.BearerIface"
+)
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value =
"myservicekey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value =
"serviceKeystore.properties"),
+ @EndpointProperty(key = "ws-security.encryption.properties", value =
"serviceKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value =
"org.jboss.test.ws.jaxws.samples.wsse.policy.trust.bearer.BearerCallbackHandler")
+})
+public class BearerImpl implements BearerIface
+{
+ public String sayHello()
+ {
+ return "Bearer WS-Trust Hello World!";
+ }
+}
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/STSBearerCallbackHandler.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/STSBearerCallbackHandler.java
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/STSBearerCallbackHandler.java 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *
http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsbearer;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class STSBearerCallbackHandler extends PasswordCallbackHandler
+{
+ public STSBearerCallbackHandler()
+ {
+ super(getInitMap());
+ }
+
+ private static Map<String, String> getInitMap()
+ {
+ Map<String, String> passwords = new HashMap<String, String>();
+ passwords.put("mystskey", "stskpass");
+ passwords.put("myclientkey", "ckpass");
+ passwords.put("alice", "clarinet");
+ return passwords;
+ }
+}
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.java
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.java
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/stsbearer/SampleSTSBearer.java 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,87 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsbearer;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.operation.TokenIssueOperation;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
+
+import javax.xml.ws.WebServiceProvider;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+@WebServiceProvider(serviceName = "SecurityTokenService",
+ portName = "UT_Port",
+ targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+ wsdlLocation = "WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl")
+//be sure to have dependency on org.apache.cxf module when on AS7, otherwise Apache CXF
annotations are ignored
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value =
"mystskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value =
"stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value =
"org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsbearer.STSBearerCallbackHandler"),
+ @EndpointProperty(key = "ws-security.validate.token", value =
"false") //to let the JAAS integration deal with validation through the
interceptor below
+})
+public class SampleSTSBearer extends SecurityTokenServiceProvider
+{
+ public SampleSTSBearer() throws Exception
+ {
+ super();
+
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(STSBearerCallbackHandler.class.getName());
+ props.setEncryptionCryptoProperties("stsKeystore.properties");
+ props.setEncryptionUsername("useReqSigCert");
+
+ // programmatic setting of the same encryption algorithm as in WSDL (sp:TripleDes)
+ EncryptionProperties eProps = new EncryptionProperties();
+ eProps.setEncryptionAlgorithm(SPConstants.TRIPLE_DES);
+ props.setEncryptionProperties(eProps);
+
+ props.setIssuer("DoubleItSTSIssuer");
+
+
+ List<ServiceMBean> services = new LinkedList<ServiceMBean>();
+ StaticService service = new StaticService();
+ service.setEndpoints(Arrays.asList(
+
"https://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-bearer/myBearerService.*"
+ ));
+
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ issueOperation.setServices(services);
+ issueOperation.setEncryptIssuedToken(true); //todo: rls explain this
+ issueOperation.setStsProperties(props);
+ this.setIssueOperation(issueOperation);
+ }
+}
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/bearer/web.xml 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<web-app
+ version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+ <servlet>
+ <servlet-name>TestSecurityTokenService</servlet-name>
+
<servlet-class>org.jboss.test.ws.jaxws.samples.wsse.policy.trust.stsbearer.SampleSTSBearer</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>TestSecurityTokenService</servlet-name>
+ <url-pattern>/SecurityTokenService/*</url-pattern>
+ </servlet-mapping>
+</web-app>
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService.wsdl
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService.wsdl
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService.wsdl 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
+<definitions
targetNamespace="http://www.jboss.org/jbossws/ws-extensions/bearerws...
+ name="BearerService"
+
xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuri...
+
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+
xmlns="http://schemas.xmlsoap.org/wsdl/"
+
xmlns:wsp="http://www.w3.org/ns/ws-policy"
+
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...
+
xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+
xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <types>
+ <xsd:schema>
+ <xsd:import
namespace="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuri...
+ schemaLocation="BearerService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <message name="sayHello">
+ <part name="parameters" element="tns:sayHello"/>
+ </message>
+ <message name="sayHelloResponse">
+ <part name="parameters" element="tns:sayHelloResponse"/>
+ </message>
+ <portType name="BearerIface">
+ <operation name="sayHello">
+ <input message="tns:sayHello"/>
+ <output message="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+ <binding name="BearerServicePortBinding"
type="tns:BearerIface">
+ <wsp:PolicyReference URI="#AsymmetricSAML2Policy" />
+ <soap:binding
transport="http://schemas.xmlsoap.org/soap/http"
style="document"/>
+ <operation name="sayHello">
+ <soap:operation soapAction=""/>
+ <input>
+ </input>
+ <output>
+ </output>
+ </operation>
+ </binding>
+ <service name="BearerService">
+ <port name="BearerServicePort"
binding="tns:BearerServicePortBinding">
+ <soap:address
location="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-bearer/BearerService"/>
+ </port>
+ </service>
+
+ <wsp:Policy wsu:Id="AsymmetricSAML2Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+ <sp:AsymmetricBinding
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ <sp:Issuer>
+
<wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata
xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+
wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService?wsdl">
+ <wsaw:ServiceName
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+
xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+
EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</definitions>
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService_schema1.xsd
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService_schema1.xsd
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/BearerService_schema1.xsd 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
+<xs:schema version="1.0"
+
targetNamespace="http://www.jboss.org/jbossws/ws-extensions/bearerws...
+
xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuri...
+
xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+ <xs:element name="sayHello" type="tns:sayHello"/>
+
+ <xs:element name="sayHelloResponse"
type="tns:sayHelloResponse"/>
+
+ <xs:complexType name="sayHello">
+ <xs:sequence/>
+ </xs:complexType>
+
+ <xs:complexType name="sayHelloResponse">
+ <xs:sequence>
+ <xs:element name="return" type="xs:string"
minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
+
Added:
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl
===================================================================
---
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl
(rev 0)
+++
stack/cxf/trunk/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/trust/WEB-INF/wsdl/bearer-ws-trust-1.4-service.wsdl 2014-03-02
19:52:31 UTC (rev 18447)
@@ -0,0 +1,251 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions
+
targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/&q...
+
xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+
xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+
xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...
+
xmlns:wsp="http://www.w3.org/ns/ws-policy"
+
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+
xmlns:xs="http://www.w3.org/2001/XMLSchema"
+
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
+
+ <wsdl:types>
+ <xs:schema elementFormDefault="qualified"
+
targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'...
+
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType' />
+ <xs:element name='RequestSecurityTokenResponse'
+ type='wst:AbstractRequestSecurityTokenType' />
+
+ <xs:complexType name='AbstractRequestSecurityTokenType' >
+ <xs:sequence>
+ <xs:any namespace='##any' processContents='lax'
+ minOccurs='0' maxOccurs='unbounded' />
+ </xs:sequence>
+ <xs:attribute name='Context' type='xs:anyURI'
use='optional' />
+ <xs:anyAttribute namespace='##other' processContents='lax'
/>
+ </xs:complexType>
+ <xs:element name='RequestSecurityTokenCollection'
+ type='wst:RequestSecurityTokenCollectionType' />
+ <xs:complexType name='RequestSecurityTokenCollectionType' >
+ <xs:sequence>
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType'
+ minOccurs='2' maxOccurs='unbounded'/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name='RequestSecurityTokenResponseCollection'
+ type='wst:RequestSecurityTokenResponseCollectionType' />
+ <xs:complexType name='RequestSecurityTokenResponseCollectionType' >
+ <xs:sequence>
+ <xs:element ref='wst:RequestSecurityTokenResponse'
+ minOccurs='1' maxOccurs='unbounded' />
+ </xs:sequence>
+ <xs:anyAttribute namespace='##other' processContents='lax'
/>
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:message name="RequestSecurityTokenMsg">
+ <wsdl:part name="request" element="wst:RequestSecurityToken"
/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseMsg">
+ <wsdl:part name="response"
+ element="wst:RequestSecurityTokenResponse" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenCollectionMsg">
+ <wsdl:part name="requestCollection"
+ element="wst:RequestSecurityTokenCollection"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:part name="responseCollection"
+ element="wst:RequestSecurityTokenResponseCollection"/>
+ </wsdl:message>
+
+ <!-- This portType an example of a Requestor (or other) endpoint that
+ Accepts SOAP-based challenges from a Security Token Service -->
+ <wsdl:portType name="WSSecurityRequestor">
+ <wsdl:operation name="Challenge">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+ <wsdl:output message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <wsdl:portType name="STS">
+ <wsdl:operation name="Cancel">
+ <wsdl:input
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Ca...
message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/C...
message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Issue">
+ <wsdl:input
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Is...
message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/...
message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <wsdl:input
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Re...
message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/R...
message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <wsdl:input
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Va...
message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/V...
message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <wsdl:input
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KE...
message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/K...
message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <wsdl:input message="tns:RequestSecurityTokenCollectionMsg"/>
+ <wsdl:output
message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an endpoint that accepts
+ Unsolicited RequestSecurityTokenResponse messages -->
+ <wsdl:portType name="SecurityTokenResponseService">
+ <wsdl:operation name="RequestSecurityTokenResponse">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <wsdl:binding name="UT_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#UT_policy" />
+ <soap:binding style="document"
+
transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Iss...
/>
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Val...
/>
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Can...
/>
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Ren...
/>
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Key...
/>
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Req...
/>
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="SecurityTokenService">
+ <wsdl:port name="UT_Port" binding="tns:UT_Binding">
+ <soap:address
location="http://localhost:8080/SecurityTokenService/UT" />
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy wsu:Id="UT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing/>
+ <sp:AsymmetricBinding
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/...
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702&...
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</wsdl:definitions>