[ https://issues.jboss.org/browse/JBWS-3738?page=com.atlassian.jira.plugin.... ]
R Searls commented on JBWS-3738:
--------------------------------
Proposed set of tests.
It is recommended that tests be provided to confirm that the optional settings and priority of ref are handled properly for these security constants.
/**
 * The user's name. It is used differently by each of the WS-Security functions:
 * a) It is used as the name in the UsernameToken
 * b) It is used as the alias name in the keystore to get the user's cert and private key for signature
 *    if {@link SIGNATURE_USERNAME} is not set.
 * c) It is used as the alias name in the keystore to get the user's public key for encryption if
 *    {@link ENCRYPT_USERNAME} is not set.
 */
public static final String USERNAME = "ws-security.username";
/**
 * The user's password when a {@link CALLBACK_HANDLER} is not defined. It is currently only used for
 * the case of adding a password to a UsernameToken.
 */
public static final String PASSWORD = "ws-security.password";
/**
 * The user's name for signature. It is used as the alias name in the keystore to get the user's cert
 * and private key for signature.
 * - If this is not defined, then {@link USERNAME} is used instead.
 * - If that is also not specified, it uses the default alias set in the properties file referenced by
 *   {@link SIGNATURE_PROPERTIES}.
 * - If that's also not set, and the keystore only contains a single key, that key will be used.
 */
public static final String SIGNATURE_USERNAME = "ws-security.signature.username";
/**
 * The user's name for encryption. It is used as the alias name in the keystore to get the user's public
 * key for encryption. If this is not defined, then {@link USERNAME} is used instead. If that is also
 * not specified, it uses the default alias set in the properties file referenced by
 * {@link ENCRYPT_PROPERTIES}. If that's also not set, and the keystore only contains a single key,
 * that key will be used.
 *
 * For the web service provider, the "useReqSigCert" keyword can be used to accept (encrypt to) any
 * client whose public key is in the service's truststore (defined in {@link ENCRYPT_PROPERTIES}).
 */
public static final String ENCRYPT_USERNAME = "ws-security.encryption.username";
Provide a test for each:
- public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
- public static final String SAML_CALLBACK_HANDLER = "ws-security.saml-callback-handler";
/**
 * The Crypto property configuration to use for signature, if {@link SIGNATURE_CRYPTO} is not set instead.
 * The value of this tag must be either:
 * a) A Java Properties object that contains the Crypto configuration.
 * b) The path of the Crypto property file that contains the Crypto configuration.
 * c) A URL that points to the Crypto property file that contains the Crypto configuration.
 */
public static final String SIGNATURE_PROPERTIES = "ws-security.signature.properties";
/**
 * The Crypto property configuration to use for encryption, if {@link ENCRYPT_CRYPTO} is not set instead.
 * The value of this tag must be either:
 * a) A Java Properties object that contains the Crypto configuration.
 * b) The path of the Crypto property file that contains the Crypto configuration.
 * c) A URL that points to the Crypto property file that contains the Crypto configuration.
 */
public static final String ENCRYPT_PROPERTIES = "ws-security.encryption.properties";
/**
 * A Crypto object to be used for signature. If this is not defined then the
 * {@link SIGNATURE_PROPERTIES} is used instead.
 */
public static final String SIGNATURE_CRYPTO = "ws-security.signature.crypto";
/**
 * A Crypto object to be used for encryption. If this is not defined then the
 * {@link ENCRYPT_PROPERTIES} is used instead.
 */
public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
/**
 * Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust
 * in a certificate. The default value is "false".
 */
public static final String ENABLE_REVOCATION = "ws-security.enableRevocation";
/**
 * The Subject Role Classifier to use. If one of the WSS4J Validators returns a JAAS Subject
 * from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext
 * based on this Subject. If this value is not specified, then it tries to get roles using
 * the DefaultSecurityContext in cxf-rt-core. Otherwise it uses this value in combination
 * with the SUBJECT_ROLE_CLASSIFIER_TYPE to get the roles from the Subject.
 */
public static final String SUBJECT_ROLE_CLASSIFIER = "ws-security.role.classifier";
/**
 * The Crypto property configuration to use for the STS, if {@link STS_TOKEN_CRYPTO} is not
 * set instead.
 * The value of this tag must be either:
 * a) A Java Properties object that contains the Crypto configuration.
 * b) The path of the Crypto property file that contains the Crypto configuration.
 * c) A URL that points to the Crypto property file that contains the Crypto configuration.
 */
public static final String STS_TOKEN_PROPERTIES = "ws-security.sts.token.properties";
/**
 * The token to be sent to the STS in an "ActAs" field. It can be either:
 * a) A String
 * b) A DOM Element
 * c) A CallbackHandler object to use to obtain the token
 */
public static final String STS_TOKEN_ACT_AS = "ws-security.sts.token.act-as";
/**
 * The token to be sent to the STS in an "OnBehalfOf" field. It can be either:
 * a) A String
 * b) A DOM Element
 * c) A CallbackHandler object to use to obtain the token
 */
public static final String STS_TOKEN_ON_BEHALF_OF = "ws-security.sts.token.on-behalf-of";
Expand WS-Trust / STS test coverage and documentation
-----------------------------------------------------
Key: JBWS-3738
URL: https://issues.jboss.org/browse/JBWS-3738
Project: JBoss Web Services
Issue Type: Enhancement
Security Level: Public(Everyone can see)
Components: jbossws-cxf
Reporter: Alessio Soldano
Assignee: R Searls
Fix For: jbossws-cxf-4.3
We should possibly cover more WS-Trust/STS scenarios in the testsuite (different SAML tokens, etc.) and expand the documentation accordingly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira
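The alias precedence described in the SIGNATURE_USERNAME and ENCRYPT_USERNAME Javadoc above (specific key, then ws-security.username, then the default alias from the Crypto properties, then the sole key in the keystore), the three accepted value forms for the *_PROPERTIES settings, and the provider-side "useReqSigCert" keyword are the behaviours the proposed tests would pin down. The following stand-alone Java program is an added illustration of those rules and is not code from the JBossWS or CXF projects: it re-implements the documented lookup order as a model, using the constant string values quoted in the comment. The class, method and alias names, the sample inputs, and the Merlin default-alias property name (assumed to be the WSS4J 1.6 `org.apache.ws.security.crypto.merlin.keystore.alias`) are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

/** Hypothetical model (not CXF's code) of the documented alias lookup order. */
public final class AliasPrecedence {
    // Same string values as the SecurityConstants quoted above, kept local so this compiles alone.
    static final String USERNAME = "ws-security.username";
    static final String SIGNATURE_USERNAME = "ws-security.signature.username";
    static final String ENCRYPT_USERNAME = "ws-security.encryption.username";
    static final String USE_REQ_SIG_CERT = "useReqSigCert";
    // Assumption: Merlin's default-alias property under the WSS4J 1.6 naming.
    static final String MERLIN_DEFAULT_ALIAS = "org.apache.ws.security.crypto.merlin.keystore.alias";

    /** Accepts the three forms allowed for *_PROPERTIES: a Properties object, a file path, or a URL. */
    static Properties loadCryptoProperties(Object value) throws IOException {
        if (value instanceof Properties) {
            return (Properties) value;
        }
        InputStream in;
        if (value instanceof URL) {
            in = ((URL) value).openStream();
        } else if (value instanceof String) {
            in = new FileInputStream((String) value);
        } else {
            throw new IllegalArgumentException("unsupported Crypto configuration value: " + value);
        }
        Properties props = new Properties();
        try (InputStream is = in) {
            props.load(is);
        }
        return props;
    }

    /** msgProps: per-message properties (e.g. the JAX-WS request context); specificKey: SIGNATURE_USERNAME
     *  or ENCRYPT_USERNAME; crypto: that operation's Crypto properties; aliases: key/cert aliases present. */
    static String resolveAlias(Map<String, Object> msgProps, String specificKey,
                               Properties crypto, List<String> aliases) {
        Object specific = msgProps.get(specificKey);
        if (specific != null) {
            return specific.toString();
        }
        Object generic = msgProps.get(USERNAME);
        if (generic != null) {
            return generic.toString();
        }
        String fromProps = crypto.getProperty(MERLIN_DEFAULT_ALIAS);
        if (fromProps != null && !fromProps.trim().isEmpty()) {
            return fromProps.trim();
        }
        if (aliases.size() == 1) {
            return aliases.get(0);
        }
        // Several keys and nothing configured: guessing would silently sign or encrypt with the wrong key.
        throw new IllegalStateException("no alias configured and keystore holds " + aliases.size() + " entries");
    }

    /** Provider side: "useReqSigCert" means encrypt to the request's signer, but only if that cert is trusted. */
    static String encryptionTarget(String resolvedAlias, String requestSignerAlias, List<String> trustedAliases) {
        if (!USE_REQ_SIG_CERT.equals(resolvedAlias)) {
            return resolvedAlias;
        }
        if (requestSignerAlias == null || !trustedAliases.contains(requestSignerAlias)) {
            throw new IllegalStateException("useReqSigCert: request signer is not in the truststore");
        }
        return requestSignerAlias;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs for the illustration, not taken from any deployment.
        Properties crypto = new Properties();
        crypto.setProperty(MERLIN_DEFAULT_ALIAS, "service-sign");
        Properties noDefault = loadCryptoProperties(new Properties());
        List<String> twoKeys = Arrays.asList("service-sign", "service-enc");
        Map<String, Object> none = new HashMap<>();
        Map<String, Object> ctx = new HashMap<>();
        ctx.put(USERNAME, "alice");
        ctx.put(SIGNATURE_USERNAME, "alice-sig");
        System.out.println("specific key wins:      " + resolveAlias(ctx, SIGNATURE_USERNAME, crypto, twoKeys));
        System.out.println("falls back to USERNAME: " + resolveAlias(ctx, ENCRYPT_USERNAME, crypto, twoKeys));
        System.out.println("properties default:     " + resolveAlias(none, SIGNATURE_USERNAME, crypto, twoKeys));
        System.out.println("single key in store:    " + resolveAlias(none, ENCRYPT_USERNAME, noDefault, Arrays.asList("only-key")));
        try {
            resolveAlias(none, ENCRYPT_USERNAME, noDefault, twoKeys);
        } catch (IllegalStateException e) {
            System.out.println("ambiguous, rejected:    " + e.getMessage());
        }
        Map<String, Object> provider = new HashMap<>();
        provider.put(ENCRYPT_USERNAME, USE_REQ_SIG_CERT);
        System.out.println("useReqSigCert:          " + encryptionTarget(
            resolveAlias(provider, ENCRYPT_USERNAME, noDefault, twoKeys), "client-a", Arrays.asList("client-a", "client-b")));
    }
}
```

Each println in main corresponds to one of the test cases the comment asks for: the operation-specific key overriding ws-security.username, the fallback to ws-security.username, the properties-file default, and the single-key keystore. The two failure cases are the ones worth asserting on in a real test: an ambiguous keystore with nothing configured should fail rather than pick a key, and "useReqSigCert" should only encrypt to a requester whose certificate is actually in the service's truststore.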