Apache CXF example source code file (SecurityPolicyTest.java)
The Apache CXF SecurityPolicyTest.java source code

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.cxf.systest.ws.security;

import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.util.HashMap;
import java.util.Map;

import javax.jws.WebService;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Endpoint;
import javax.xml.ws.Provider;
import javax.xml.ws.Service.Mode;
import javax.xml.ws.ServiceMode;
import javax.xml.ws.WebServiceProvider;
import javax.xml.xpath.XPathConstants;

import org.w3c.dom.Document;
import org.w3c.dom.Node;

import org.apache.cxf.helpers.XMLUtils;
import org.apache.cxf.helpers.XPathUtils;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.jaxws.EndpointImpl;
import org.apache.cxf.policytest.doubleit.DoubleItPortType;
import org.apache.cxf.policytest.doubleit.DoubleItService;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.junit.BeforeClass;
import org.junit.Test;

/**
 * System test that publishes several DoubleIt endpoints in-process, each with its own
 * security properties (callback handler, signature and encryption property files), and
 * then calls them through the generated {@link DoubleItService} ports.
 *
 * <p>The security policies themselves are not defined in this file; they presumably come
 * from the service WSDL and {@code https_config.xml} (confirm against those resources).
 * Credentials and key material referenced here ("bob"/"pwd", {@code alice.properties},
 * {@code bob.properties}) are test fixtures.
 */
public class SecurityPolicyTest extends AbstractBusClientServerTestBase {
    // Ports are allocated per test class; the second argument selects a distinct port for TLS.
    public static final String PORT = allocatePort(SecurityPolicyTest.class);
    public static final String SSL_PORT = allocatePort(SecurityPolicyTest.class, 1);

    // Only POLICY_HTTPS_ADDRESS uses the https scheme; every other endpoint is plain HTTP
    // on localhost.
    public static final String POLICY_ADDRESS = "http://localhost:" + PORT + "/SecPolTest";
    public static final String POLICY_HTTPS_ADDRESS = "https://localhost:" + SSL_PORT + "/SecPolTest";
    public static final String POLICY_ENCSIGN_ADDRESS = "http://localhost:" + PORT + "/SecPolTestEncryptThenSign";
    public static final String POLICY_SIGNENC_ADDRESS = "http://localhost:" + PORT + "/SecPolTestSignThenEncrypt";
    public static final String POLICY_SIGNENC_PROVIDER_ADDRESS = "http://localhost:" + PORT + "/SecPolTestSignThenEncryptProvider";
    public static final String POLICY_SIGN_ADDRESS = "http://localhost:" + PORT + "/SecPolTestSign";
    public static final String POLICY_XPATH_ADDRESS = "http://localhost:" + PORT + "/SecPolTestXPath";
    public static final String POLICY_SIGNONLY_ADDRESS = "http://localhost:" + PORT + "/SecPolTestSignedOnly";
    public static final String POLICY_CXF3041_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF3041";
    public static final String POLICY_CXF3042_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF3042";

    /**
     * Server-side password lookup for the HTTPS endpoint: supplies the expected password
     * for the single known test user.
     *
     * <p>NOTE(review): only {@code callbacks[0]} is examined and it is cast without a type
     * check, so an empty array or a different callback type surfaces as a runtime exception
     * rather than the declared {@link UnsupportedCallbackException}. For any identifier
     * other than "bob" no password is set; how the caller treats that is decided outside
     * this file. The hard-coded credential is a test fixture and should not be reused
     * outside of tests.
     */
    public static class ServerPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
            if (pc.getIdentifier().equals("bob")) {
                // set the password on the callback. This will be compared to the
                // password which was sent from the client.
                pc.setPassword("pwd");
            }
        }
    }

    private DoubleItService service = new DoubleItService();

    /**
     * Creates the shared bus from {@code https_config.xml}, enables the policy engine on it
     * and publishes every endpoint the tests call.
     *
     * <p>Most endpoints sign with {@code bob.properties} and encrypt with
     * {@code alice.properties}. Two differ: the XPath endpoint swaps them, and the CXF3042
     * endpoint uses {@code alice.properties} for both.
     *
     * @throws Exception if the bus cannot be created or an endpoint cannot be published
     */
    @BeforeClass
    public static void init() throws Exception {
        // Policy enforcement is switched on explicitly; the tests below rely on it to
        // reject requests that do not satisfy an endpoint's policy.
        createStaticBus(SecurityPolicyTest.class.getResource("https_config.xml").toString())
            .getExtension(PolicyEngine.class).setEnabled(true);
        // Logs outbound messages for the whole run. Useful when debugging a test; the logged
        // messages can include security headers, so this is not a pattern for production buses.
        getStaticBus().getOutInterceptors().add(new LoggingOutInterceptor());

        // HTTPS endpoint: passwords are resolved by ServerPasswordCallback (user "bob").
        EndpointImpl ep = (EndpointImpl)Endpoint.publish(POLICY_HTTPS_ADDRESS, new DoubleItImplHttps());
        ep.getServer().getEndpoint().getEndpointInfo().setProperty(SecurityConstants.CALLBACK_HANDLER,
                                                                   new ServerPasswordCallback());

        // Plain HTTP endpoint published without any security properties; testPolicy expects
        // calls to it to be rejected with an "HttpsToken" policy error.
        Endpoint.publish(POLICY_ADDRESS, new DoubleItImpl());

        // KeystorePasswordCallback is not defined or imported in this file (presumably a
        // sibling class in the same package).
        ep = (EndpointImpl)Endpoint.publish(POLICY_ENCSIGN_ADDRESS, new DoubleItImplEncryptThenSign());
        EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo();
        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
                       SecurityPolicyTest.class.getResource("bob.properties").toString());
        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());

        ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_ADDRESS, new DoubleItImplSignThenEncrypt());
        ei = ep.getServer().getEndpoint().getEndpointInfo();
        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
                       SecurityPolicyTest.class.getResource("bob.properties").toString());
        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());

        ep = (EndpointImpl)Endpoint.publish(POLICY_SIGN_ADDRESS, new DoubleItImplSign());
        ei = ep.getServer().getEndpoint().getEndpointInfo();
        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
                       SecurityPolicyTest.class.getResource("bob.properties").toString());
        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());

        // XPath endpoint: signature/encryption property files are swapped relative to the
        // endpoints above (alice signs, bob encrypts).
        // NOTE(review): the client in testPolicy uses the same alice/bob assignment for this
        // port — confirm against the property files that this is intended.
        ep = (EndpointImpl)Endpoint.publish(POLICY_XPATH_ADDRESS, new DoubleItImplXPath());
        ei = ep.getServer().getEndpoint().getEndpointInfo();
        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());
        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
                       SecurityPolicyTest.class.getResource("bob.properties").toString());

        ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_PROVIDER_ADDRESS, new DoubleItProvider());
        ei = ep.getServer().getEndpoint().getEndpointInfo();
        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
                       SecurityPolicyTest.class.getResource("bob.properties").toString());
        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());

        ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNONLY_ADDRESS, new DoubleItImplSignOnly());
        ei = ep.getServer().getEndpoint().getEndpointInfo();
        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
                       SecurityPolicyTest.class.getResource("bob.properties").toString());
        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());

        ep = (EndpointImpl)Endpoint.publish(POLICY_CXF3041_ADDRESS, new DoubleItImplCXF3041());
        ei = ep.getServer().getEndpoint().getEndpointInfo();
        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
                       SecurityPolicyTest.class.getResource("bob.properties").toString());
        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());

        // CXF3042 endpoint: the same property file (alice) is used for both signing and
        // encryption.
        ep = (EndpointImpl)Endpoint.publish(POLICY_CXF3042_ADDRESS, new DoubleItImplCXF3042());
        ei = ep.getServer().getEndpoint().getEndpointInfo();
        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());
        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
                       SecurityPolicyTest.class.getResource("alice.properties").toString());
    }

    /**
     * Calls the XPath, EncryptThenSign, Sign, SignThenEncrypt (plus its Provider endpoint)
     * and HTTPS ports in turn, then checks that the plain-HTTP port is rejected.
     *
     * <p>Every message-security client in this method uses {@code alice.properties} for
     * signing and {@code bob.properties} for encryption, passed as URLs (the server side
     * passes the same resources as strings).
     *
     * @throws Exception if a call fails for a reason other than the expected policy errors
     */
    @Test
    public void testPolicy() throws Exception {
        DoubleItPortType pt;

        pt = service.getDoubleItPortXPath();
        updateAddressPort(pt, PORT);
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                      new KeystorePasswordCallback());
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
                                                      getClass().getResource("alice.properties"));
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
                                                      getClass().getResource("bob.properties"));
        assertEquals(BigInteger.valueOf(10), pt.doubleIt(BigInteger.valueOf(5)));

        pt = service.getDoubleItPortEncryptThenSign();
        updateAddressPort(pt, PORT);
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                      new KeystorePasswordCallback());
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
                                                      getClass().getResource("alice.properties"));
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
                                                      getClass().getResource("bob.properties"));
        // Result is not asserted here; the call only has to complete without an exception.
        pt.doubleIt(BigInteger.valueOf(5));

        pt = service.getDoubleItPortSign();
        updateAddressPort(pt, PORT);
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                      new KeystorePasswordCallback());
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
                                                      getClass().getResource("alice.properties"));
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
                                                      getClass().getResource("bob.properties"));
        pt.doubleIt(BigInteger.valueOf(5));

        pt = service.getDoubleItPortSignThenEncrypt();
        updateAddressPort(pt, PORT);
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                      new KeystorePasswordCallback());
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
                                                      getClass().getResource("alice.properties"));
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
                                                      getClass().getResource("bob.properties"));
        pt.doubleIt(BigInteger.valueOf(5));

        // Re-target the same SignThenEncrypt client at the Provider-based endpoint.
        ((BindingProvider)pt).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
                                                      POLICY_SIGNENC_PROVIDER_ADDRESS);
        int x = pt.doubleIt(BigInteger.valueOf(5)).intValue();
        assertEquals(10, x);

        pt = service.getDoubleItPortHttps();
        updateAddressPort(pt, SSL_PORT);
        // First HTTPS call is made before any username/password is configured; an exception
        // whose message mentions "sername" is tolerated.
        // NOTE(review): there is no fail() after the call, so this block also passes when the
        // request succeeds without credentials; it does not prove that the endpoint rejects
        // an unauthenticated caller. A null exception message would surface as a
        // NullPointerException from msg.contains().
        try {
            pt.doubleIt(BigInteger.valueOf(25));
        } catch (Exception ex) {
            String msg = ex.getMessage();
            if (!msg.contains("sername")) {
                throw ex;
            }
        }

        // Credentials matching ServerPasswordCallback ("bob" / "pwd"); test fixture values.
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "bob");
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "bob");
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.PASSWORD, "pwd");
        pt.doubleIt(BigInteger.valueOf(25));

        // Negative case: calling over plain HTTP must be rejected with an error that
        // names "HttpsToken"; a successful call reaches fail().
        try {
            pt = service.getDoubleItPortHttp();
            updateAddressPort(pt, PORT);
            pt.doubleIt(BigInteger.valueOf(25));
            fail("https policy should have triggered");
        } catch (Exception ex) {
            String msg = ex.getMessage();
            if (!msg.contains("HttpsToken")) {
                throw ex;
            }
        }
    }

    /**
     * Checks that the "signed only" endpoint accepts a properly signed request and rejects
     * one sent by a client that uses the "TimestampOnly" port.
     *
     * @throws Exception if the signed request fails
     */
    @Test
    public void testSignedOnlyWithUnsignedMessage() throws Exception {
        //CXF-2244
        DoubleItPortType pt;

        pt = service.getDoubleItPortSignedOnly();
        updateAddressPort(pt, PORT);
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                      new KeystorePasswordCallback());
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
                                                      getClass().getResource("alice.properties"));
        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
                                                      getClass().getResource("bob.properties"));
        //This should work as it should be properly signed.
        assertEquals(BigInteger.valueOf(10), pt.doubleIt(BigInteger.valueOf(5)));

        //Try sending a message with the "TimestampOnly" policy in effect to the
        //service running the "signed only" policy. This SHOULD fail as the
        //body is then not signed.
        pt = service.getDoubleItPortTimestampOnly();
        ((BindingProvider)pt).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
                                                      POLICY_SIGNONLY_ADDRESS);
        try {
            pt.doubleIt(BigInteger.valueOf(5));
            fail("should have had a security/policy exception as the body wasn't signed");
        } catch (Exception ex) {
            // The rejection is recognised only by this message fragment.
            assertTrue(ex.getMessage().contains("policy alternatives"));
        }
    }

    /**
     * Sends a raw payload through a {@link Dispatch} client bound to the EncryptThenSign
     * port, using the same alice/bob property files as the proxy-based tests.
     *
     * @throws Exception if the dispatch call or response parsing fails
     */
    @Test
    public void testDispatchClient() throws Exception {
        Dispatch<Source> disp = service.createDispatch(DoubleItService.DoubleItPortEncryptThenSign,
                                                       Source.class,
                                                       Mode.PAYLOAD);

        disp.getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                     new KeystorePasswordCallback());
        disp.getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
                                     getClass().getResource("alice.properties"));
        disp.getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
                                     getClass().getResource("bob.properties"));

        updateAddressPort(disp, PORT);

        // NOTE(review): as shown on this page the request literal has no closing tags; the
        // page extraction has probably dropped them — confirm against the upstream file.
        String req = "<ns2:DoubleIt xmlns:ns2=\"http://cxf.apache.org/policytest/DoubleIt\">"
            + "<numberToDouble>25";
        Source source = new StreamSource(new StringReader(req));
        source = disp.invoke(source);

        Node nd = XMLUtils.fromSource(source);
        if (nd instanceof Document) {
            nd = ((Document)nd).getDocumentElement();
        }
        Map<String, String> ns = new HashMap
        // The listing on this page ends here; the rest of testDispatchClient and of the class
        // (including the DoubleIt* service implementations used by init) is not shown.