diff --git a/demos/pom.xml b/demos/pom.xml
index 4b24e9655..38d34c3cd 100644
--- a/demos/pom.xml
+++ b/demos/pom.xml
@@ -17,6 +17,7 @@
ws-bootable-jar-example
+ wstrust
diff --git a/demos/wstrust/README.md b/demos/wstrust/README.md
new file mode 100644
index 000000000..e256b51d1
--- /dev/null
+++ b/demos/wstrust/README.md
@@ -0,0 +1,149 @@
+Web Service Trust - A 2 Pods WildFly test case
+=======
+
+This module is an example of testing a jaxws application that requires 2 communicating OpenShift pods.
+One pod is a Security Token Service (STS). The other is the web service provider. The test itself
+is the web service requester. Modules sts and service build a bootable jar that is deployed to OpenShift.
+
+# Test Overview
+
+This example is a basic WS-Trust scenario.
+The service provider requires a SAML 2.0 token issued from a designed STS to be presented by the
+service requester using asymmetric binding. These communication requirements are declared in the
+service provider’s WSDL. The STS requires service requester credentials be provided in a WSS
+UsernameToken format request using symmetric binding. The STS’s response is provided containing
+a SAML 2.0 token. These communication requirements are declared in the STS’s WSDL.
+
+ 1. A service requester contacts the service provider and consumes its WSDL. Upon finding the security token issuer requirement, it creates and configures a STSClient with the information it requires to generate a proper request.
+
+ 2. The STSClient contacts the STS and consumes its WSDL. The security policies are discovered. The STSClient creates and sends an authentication request, with appropriate credentials.
+
+ 3. The STS verifies the credentials.
+
+ 4. In response, the STS issues a security token that provides proof that the service requester has authenticated with the STS.
+
+ 5. The STSClient presents a message with the security token to the service provider.
+
+ 6. The service provider verifies the token was issued by the STS, thus proving the service requester has successfully authenticated with the STS.
+
+ 7. The service provider executes the requested service and returns the results to the service requester.
+
+
+# Example layout
+
+This example consists of 4 modules and 2 reference directories.
+
+- modules
+ * _shared:_ contains class files that are shared among modules, sts, service and test.
+
+ * _sts:_ a mock STS implementation.
+
+ * _service:_ the service implementation.
+
+ * _test:_ the test code.
+
+- directories
+ * _shared-cli-scripts:_ contains a Wildfly CLI script and corresponding properties file. The script
+ configures Wildfly's `standalone.xml` file providing the needed security information.
+ Modules sts and service are both configured with the same information.
+
+ * _shared-extra-content:_ contains the keystore and property files provided to Wildfly.
+
+
+
+# Test Configuration
+
+In Wildfly a deployable archive named **ROOT** (e.g ROOT.war) has special meaning.
+Wildfly automatically deploys an archive with this name into its root directory,
+"/", and this forces the application's context-root to be empty. [1]
+The format for the url of a webservices application is
+~~~~
+http://://
+~~~~
+ When the context-root
+is not explicitly defined in a `web.xml` or `jboss-web.xml` file in the archive,
+the archive's name is used. For example the context-root of a webservice
+archive named `MyWebservice.war` in which no context-root has been explicitly
+defined would be MyWebservice. The url would be,
+~~~~
+http://:/MyWebservice/
+~~~~
+
+When a webservice archive is named **ROOT** the application's context-root must be
+explicitly defined to be empty so that the url can properly be resolved. This can be achieved
+by adding a `jboss-web.xml` file to the archive that contains the following,
+
+
+
+
+
+
+
+In troubleshooting a webservice's url,
+a method to determine the expected url is to startup Wildfly and look for
+the following information in the server.log or the terminal window.
+
+~~~~
+ ... JBWS024061: Adding service endpoint metadata: id=org.jboss.jaxws.EndpointImpl
+ address=http://jbossws.undefined.host:8080/EndpointServiceSERVICE
+ implementor=org.jboss.jaxws.EndpointImpl
+ serviceName={http://org.jboss.ws/cxf/container}EndpointServiceSERVICE
+ portName={http://org.jboss.ws/cxf/container}EndpointService
+ annotationWsdlLocation=null
+ wsdlLocationOverride=null
+ mtomEnabled=false
+~~~~
+
+
+The `address` above displays the url information of the service.
+
+__Note:__
+
+Be aware that `wildfly-jar-maven-plugin` by default places any deployed archive
+into Wildfly's root directory; the archive does not need to be named ROOT. [2]
+This behavior can be changed to use the WAR file name as the context-root
+by specifying the `false` element in the plugin's
+configuration section. [3]
+
+The wstrust example demonstrates both context-root scenarios. Module, sts, builds an archive
+named `sts-ROOT.war`, that is deployed by the `wildfly-jar-maven-plugin` into Wildfly's
+root directory.
+The archive name is declared by the `` element in the `maven-war-plugin`.
+A `jboss-web.xml` file as described above is provided in the `sts/src/main/webapp/WEB-INF/`
+directory. No `` element is declared in the `wildfly-jar-maven-plugin`'s
+configuration section to change its default behavior of deploying the archive into
+Wildfly's root directory. In `WstrustOpenShiftJarTest` the URL to the STS does not reference
+the war filename because an empty context-root is being used. Module, service, builds an
+archive named `service-ROOT.war`, that is deployed by the `wildfly-jar-maven-plugin` into Wildfly
+but uses the archive name as the service's context-root. The archive name is declared in the
+`` element in the `maven-war-plugin`. In the `wildfly-jar-maven-plugin`'s configuration
+section, element `` is declared to be *false*. This causes the archive name
+to be used as the context-root. In `WstrustOpenShiftJarTest` the URL to the service contain
+`service-ROOT`.
+
+__Mock STS Configuration__
+
+The mock STS provider needs to be configured with the service provider's url.
+Intersmash uses a fabric8 kubernetes `EvnVar` object to pass the provider's url string from
+the test setup code to the sts provider. Class `STSWstrustOpenShiftJarApplication`
+provides the information via its `getEnvVars` method.
+
+__Build and Run__
+
+The test can be built and run with the following commands.
+
+~~~~
+ mvn clean install -DskipTests -Pdemo
+ mvn test -pl demos/wstrust/test -Dtest=WstrustOpenShiftJarTest -Pdemo \
+ -Dxtf.test_properties.path=/ABSOLUTE/PATH/TO/test.properties
+~~~~
+
+
+__References__
+
+[1] https://www.mastertheboss.com/web/jboss-web-server/how-to-deploy-a-web-application-on-the-root-context-on-jboss-as-7/
+
+[2] https://docs.wildfly.org/bootablejar/#wildfly_jar_url_context
+
+[3] https://docs.wildfly.org/bootablejar/#contextRoot
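Review bot: Two typos in the README will mislead readers: in Test Overview, "issued from a designed STS" presumably means "designated STS", and under Mock STS Configuration the fabric8 class is written `EvnVar` where `EnvVar` is meant. "The URL to the service contain `service-ROOT`" also needs "contains", and the text alternates between "WildFly" (title) and "Wildfly" (body). Because this module ships keystores and fixed passwords in the CLI script and property files, the README should say in one sentence that they are test-only fixtures.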
diff --git a/demos/wstrust/pom.xml b/demos/wstrust/pom.xml
new file mode 100644
index 000000000..bb95634b1
--- /dev/null
+++ b/demos/wstrust/pom.xml
@@ -0,0 +1,161 @@
+
+
+ 4.0.0
+
+ org.jboss.intersmash
+ intersmash-demos
+ 0.0.1-SNAPSHOT
+ ../pom.xml
+
+ wstrust-parent
+ pom
+
+ Intersmash Demos : (Wildfly): Webservices Trust Example (parent)
+
+
+ shared
+ sts
+ service
+ test
+
+
+
+ 6.2.6.Final
+ 6.2.6.Final
+
+ 2.0.1
+ 10.0.0
+
+ 7.0.0.Final
+ 4.0.2
+ 4.0.4
+ 2.4.0-b180830.0359
+
+
+
+
+
+
+ org.jboss.resteasy
+ resteasy-bom
+ ${version.resteasy-bom}
+ pom
+ import
+
+
+ org.jboss.resteasy
+ resteasy-client-api
+ ${version.resteasy-client-api}
+
+
+ jakarta.platform
+ jakarta.jakartaee-api
+ ${version.jakarta.jakartaee-api}
+ provided
+
+
+ jakarta.inject
+ jakarta.inject-api
+ ${version.jakarta.inject-api}
+ provided
+
+
+ io.fabric8
+ generator-annotations
+ ${version.io.fabric8}
+
+
+ io.fabric8
+ openshift-client
+ ${version.openshift-client}
+
+
+ org.jboss.ws.cxf
+ jbossws-cxf-client
+ ${version.jbossws-cxf}
+
+
+ org.jboss.slf4j
+ slf4j-jboss-logging
+
+
+
+
+ org.jboss.intersmash
+ wstrust-shared
+ ${project.version}
+
+
+ org.apache.cxf.services.sts
+ cxf-services-sts-core
+ ${version.org.apache.cxf}
+
+
+ org.springframework
+ *
+
+
+ org.apache.cxf
+ cxf-rt-ws-security
+
+
+
+
+ org.apache.cxf
+ cxf-rt-ws-security
+ ${version.org.apache.cxf}
+
+
+ org.ehcache
+ ehcache
+
+
+
+
+ org.apache.cxf
+ cxf-core
+ ${version.org.apache.cxf}
+
+
+ org.jboss.ws.cxf
+ jbossws-cxf-test-utils
+ ${version.jbossws-cxf}
+
+
+ org.apache.cxf
+ cxf-rt-frontend-jaxws
+ ${version.org.apache.cxf}
+
+
+ javax.xml.bind
+ jaxb-api
+ ${version.jaxb-api}
+
+
+ org.glassfish.jaxb
+ jaxb-runtime
+ ${version.org.glassfish.jaxb}
+
+
+ org.glassfish.jaxb
+ jaxb-core
+ ${version.org.glassfish.jaxb}
+
+
+
+
+
+
+ org.jboss.intersmash
+ intersmash-tools-provisioners
+ ${project.version}
+ test
+
+
+ org.jboss.intersmash
+ intersmash-deployments-provider
+
+
+
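Review bot: In the properties block, `2.4.0-b180830.0359` is a timestamped pre-release build number, and dependencyManagement adds `javax.xml.bind:jaxb-api` with `${version.jaxb-api}` while the service classes in this patch import `jakarta.xml.bind.annotation.*`. Please confirm the javax artifact is still needed; if it is, pin a released version and add a comment naming the module that requires it. The `org.springframework` / `*` exclusion under `cxf-services-sts-core` and the `ehcache` exclusion under `cxf-rt-ws-security` would each benefit from a one-line comment explaining why they are excluded.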
diff --git a/demos/wstrust/service/pom.xml b/demos/wstrust/service/pom.xml
new file mode 100644
index 000000000..2090cdeee
--- /dev/null
+++ b/demos/wstrust/service/pom.xml
@@ -0,0 +1,162 @@
+
+
+
+
+
+ 4.0.0
+
+
+ org.jboss.intersmash
+ wstrust-parent
+ 0.0.1-SNAPSHOT
+ ../pom.xml
+
+
+ wstrust-service
+ war
+
+ Intersmash Demos : (Wildfly): Webservices Trust Example (service)
+
+
+ ${project.parent.parent.parent.basedir}/ide-config
+
+ 3.3.2
+
+ 10.0.0.Final
+
+ 29.0.1.Final
+
+
+
+
+ org.jboss.ws.cxf
+ jbossws-cxf-client
+
+
+ org.jboss.intersmash
+ wstrust-shared
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-war-plugin
+ ${version.maven-war-plugin}
+
+
+ %regex[^WEB-INF\/lib\/(?!wstrust-shared-.*\.jar$).*$]
+ service-ROOT
+
+ ${project.basedir}/src/main/webapp/META-INF/MANIFEST.MF
+
+
+
+
+ process-classes
+
+ war
+
+
+
+
+
+ org.wildfly.plugins
+ wildfly-jar-maven-plugin
+ ${version.wildfly-jar-maven-plugin}
+
+
+ create-bootable-jar-openshift
+ process-test-sources
+
+ package
+
+
+
+
+ false
+ ${project.build.finalName}-bootable-openshift.jar
+
+
+
+ org.wildfly:wildfly-galleon-pack:${version.wildfly.feature-pack}
+
+
+
+ cloud-server
+ webservices
+
+
+
+ ${project.basedir}/../shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties
+
+
+
+
+
+
+ ${project.basedir}/../shared-extra-content
+
+
+
+ true
+
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-install-plugin
+
+
+ install-bootable-jar-openshift
+ generate-test-resources
+
+ install-file
+
+
+ ${project.groupId}
+ ${project.artifactId}
+ ${project.version}
+ jar
+ bootable-openshift
+ ${project.build.directory}/${project.build.finalName}-bootable-openshift.jar
+
+
+
+
+
+
+
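Review bot: The plugin executions are bound to unusual phases with no explanation: the `war` goal runs at `process-classes`, the bootable jar `package` goal at `process-test-sources`, and `install-file` at `generate-test-resources`. Add an XML comment next to each execution stating why the default lifecycle phase does not work here, since anyone maintaining this module will otherwise expect the war and bootable jar to be produced at `package` and installed at `install`.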
diff --git a/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.java b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.java
new file mode 100644
index 000000000..67580d4ed
--- /dev/null
+++ b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.java
@@ -0,0 +1,27 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.jaxws;
+
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
+
+@XmlRootElement(name = "sayHello", namespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "sayHello", namespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+public class SayHello {
+}
diff --git a/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.java b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.java
new file mode 100644
index 000000000..d53be36ea
--- /dev/null
+++ b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.java
@@ -0,0 +1,40 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.jaxws;
+
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
+
+@XmlRootElement(name = "sayHelloResponse", namespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "sayHelloResponse", namespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+public class SayHelloResponse {
+
+ @XmlElement(name = "return", namespace = "")
+ private String _return;
+
+ public String getReturn() {
+ return this._return;
+ }
+
+ public void setReturn(String _return) {
+ this._return = _return;
+ }
+
+}
diff --git a/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServerCallbackHandler.java b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServerCallbackHandler.java
new file mode 100644
index 000000000..f154235fb
--- /dev/null
+++ b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServerCallbackHandler.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+public class ServerCallbackHandler extends PasswordCallbackHandler {
+
+ public ServerCallbackHandler() {
+ super(getInitMap());
+ }
+
+ private static Map getInitMap() {
+ Map passwords = new HashMap();
+ passwords.put("myservicekey", "skpass");
+ return passwords;
+ }
+}
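Review bot: `passwords.put("myservicekey", "skpass")` in `getInitMap()` compiles the private-key password into the class. Add a Javadoc line saying the value is a test-only secret that pairs with the bundled `servicestore.jks`, or read it from a system property or environment variable so the pattern is not copied unchanged into real services. A class-level comment noting that the alias must match the `ws-security.signature.username` value in `ServiceImpl` would also help.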
diff --git a/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceImpl.java b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceImpl.java
new file mode 100644
index 000000000..886ad080b
--- /dev/null
+++ b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceImpl.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service;
+
+import jakarta.jws.WebService;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+
+@WebService(portName = "SecurityServicePort", serviceName = "SecurityService", wsdlLocation = "WEB-INF/wsdl/SecurityService.wsdl", targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface")
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "myservicekey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "serviceKeystore.properties"),
+ @EndpointProperty(key = "ws-security.encryption.properties", value = "serviceKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServerCallbackHandler")
+})
+public class ServiceImpl implements ServiceIface {
+ public String sayHello() {
+ return "WS-Trust Hello World!";
+ }
+}
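Review bot: The `@EndpointProperty` keys use the older `ws-security.` prefix (`ws-security.signature.username`, `ws-security.callback-handler`, and the two `.properties` keys). CXF 3.1 and later document these settings under the `security.` prefix and accept the old names only for backward compatibility, so for new code either switch to the current names or add a comment that the legacy keys are intentional. `sayHello()` should also carry `@Override`, since it implements `ServiceIface`.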
diff --git a/demos/wstrust/service/src/main/webapp/META-INF/MANIFEST.MF b/demos/wstrust/service/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..b21799bc7
--- /dev/null
+++ b/demos/wstrust/service/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Dependencies: org.jboss.ws.cxf.jbossws-cxf-client
+jbws-COMMENT: https://jbossws.github.io/documentation/7.0.0.Final/JBossWS-CXF/#advanced-user-guide 5.13.4. A Basic WS-Trust Scenario, MANIFEST.MF
+
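Review bot: The `jbws-COMMENT:` header is a single line far longer than the 72-byte limit the JAR manifest specification sets for manifest lines, and it uses a manifest attribute to carry a documentation link. Move the reference to the README and keep only `Manifest-Version` and `Dependencies` in this file.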
diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/classes/serviceKeystore.properties b/demos/wstrust/service/src/main/webapp/WEB-INF/classes/serviceKeystore.properties
new file mode 100644
index 000000000..7657a5f70
--- /dev/null
+++ b/demos/wstrust/service/src/main/webapp/WEB-INF/classes/serviceKeystore.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=sspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
+org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks
+
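Review bot: `org.apache.ws.security.crypto.merlin.keystore.password=sspass` is committed in clear text beside the keystore it protects, and `keystore.type=jks` selects the legacy JKS format. Add a comment stating that the store and password are test fixtures, and consider PKCS12 for the store type. The keys and the provider class use the `org.apache.ws.security` names from WSS4J 1.x; please confirm the legacy names are intended rather than the `org.apache.wss4j` equivalents.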
diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/classes/servicestore.jks b/demos/wstrust/service/src/main/webapp/WEB-INF/classes/servicestore.jks
new file mode 100644
index 000000000..999ee824c
Binary files /dev/null and b/demos/wstrust/service/src/main/webapp/WEB-INF/classes/servicestore.jks differ
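Review bot: `servicestore.jks` is added as an opaque binary and nothing in the patch records how it was produced. Document the keytool commands, the aliases it contains and the certificate validity period (in the README or a small script), so reviewers can confirm it holds only test keys and so it can be regenerated when the certificates expire. The same applies to `test.keystore` under `shared-extra-content`.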
diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/demos/wstrust/service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100644
index 000000000..5c39332fe
--- /dev/null
+++ b/demos/wstrust/service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/permissions.xml b/demos/wstrust/service/src/main/webapp/WEB-INF/permissions.xml
new file mode 100644
index 000000000..f7a72826d
--- /dev/null
+++ b/demos/wstrust/service/src/main/webapp/WEB-INF/permissions.xml
@@ -0,0 +1,41 @@
+
+
+
+
+ java.lang.RuntimePermission
+ getClassLoader
+
+
+ java.util.PropertyPermission
+ user.dir
+ read
+
+
+ java.util.PropertyPermission
+ jboss.bind.address
+ read
+
+
+ java.lang.RuntimePermission
+ createClassLoader
+
+
+ java.lang.RuntimePermission
+ org.apache.cxf.permission
+ resolveUri
+
+
+
+ java.net.SocketPermission
+ *
+ connect,resolve
+
+
+ java.io.FilePermission
+ <<ALL FILES>>
+ read
+
+
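Review bot: Several grants here are broader than a hello-world endpoint should need: `java.net.SocketPermission` on `*` with `connect,resolve`, `java.io.FilePermission` on `<<ALL FILES>>` with `read`, and `java.lang.RuntimePermission` `createClassLoader`. Narrow the socket grant to the STS host and the file grant to the keystore and properties locations, or add a comment on each entry naming the component that requires it, so the file is not copied as a template with these wildcards intact.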
diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService.wsdl b/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService.wsdl
new file mode 100644
index 000000000..e3f76e7c8
--- /dev/null
+++ b/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService.wsdl
@@ -0,0 +1,164 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
+ http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey
+
+
+
+
+
+ http://@jboss.bind.address@:@add_int(port-offset.cxf-tests.jboss,8080)@/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService
+
+ stsns:SecurityTokenService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
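Review bot: The issuer address in the policy still carries build-time tokens from another test suite, `http://@jboss.bind.address@:@add_int(port-offset.cxf-tests.jboss,8080)@/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService`, and nothing visible in `service/pom.xml` filters this file. The path also names a `jaxws-samples-wsse-policy-trust-sts` context, whereas the README says the STS is deployed with an empty context-root. If the test overrides the STS location on the client, say so in a comment here; otherwise replace the address with one that matches the deployed STS.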
diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService_schema1.xsd b/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService_schema1.xsd
new file mode 100644
index 000000000..dadc87a0f
--- /dev/null
+++ b/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService_schema1.xsd
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties b/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties
new file mode 100644
index 000000000..a8737a3be
--- /dev/null
+++ b/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties
@@ -0,0 +1,5 @@
+#Mon, 23 Oct 2023 10:54:34 -0400
+
+usersPropFile=digest-jbossws-users.properties
+rolesPropFile=digest-jbossws-roles.properties
+keystorePath=test.keystore
diff --git a/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron.cli b/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron.cli
new file mode 100644
index 000000000..a3fef5b72
--- /dev/null
+++ b/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron.cli
@@ -0,0 +1,133 @@
+
+##embed-server --std-out=echo --server-config=jbws-testsuite-default.xml
+
+
+## jbws-testsuite-default-elytron-CLI.properties contents
+##set testResourcesDir=${testResourcesDir}
+set usersPropFile=${usersPropFile}
+set rolesPropFile=${rolesPropFile}
+set keystorePath=${keystorePath}
+
+
+## must build configuration elements from the bottom up
+## 1. realm
+## 2. security domain
+## 3. ejb3 ref and undertow ref
+## 4. misc ref
+
+##----- JBossWS domain config ---------
+# 1.
+echo JBossWS domain config
+./subsystem=elytron/properties-realm=JBossWS \
+ :add(users-properties={relative-to=jboss.server.config.dir, path=ejb-digest-jbossws-users.properties, plain-text=true}, \
+ groups-properties={relative-to=jboss.server.config.dir, path=digest-jbossws-roles.properties})
+# 2.
+./subsystem=elytron/security-domain=JBossWS \
+ :add(default-realm=JBossWS, permission-mapper=default-permission-mapper, \
+ realms=[{realm=JBossWS,role-decoder=groups-to-roles}])
+# 3.
+./subsystem=elytron/http-authentication-factory=JBossWS \
+ :add(security-domain=JBossWS, http-server-mechanism-factory=global, \
+ mechanism-configurations=[{mechanism-name=BASIC, \
+ mechanism-realm-configurations=[{realm-name=JBossWS}] }])
+# 4.
+./subsystem=ejb3/application-security-domain=JBossWS:add(security-domain=JBossWS)
+./subsystem=undertow/application-security-domain=JBossWS \
+ :add(http-authentication-factory=JBossWS)
+
+##----- ws-basic-domain domain config ---------
+echo ws-basic-domain domain config
+# 1.
+./subsystem=elytron/properties-realm=ws-basic-domain \
+ :add(users-properties={relative-to=jboss.server.config.dir, path=ws-users.properties, plain-text=true}, \
+ groups-properties={relative-to=jboss.server.config.dir, path=ws-roles.properties})
+# 2.
+./subsystem=elytron/security-domain=ws-basic-domain \
+ :add(default-realm=ws-basic-domain, permission-mapper=default-permission-mapper, \
+ realms=[{realm=ws-basic-domain,role-decoder=groups-to-roles}])
+# 3.
+./subsystem=elytron/http-authentication-factory=ws-basic-domain \
+ :add(security-domain=ws-basic-domain, http-server-mechanism-factory=global, \
+ mechanism-configurations=[{mechanism-name=BASIC, \
+ mechanism-realm-configurations=[{realm-name=ws-basic-domain}] }])
+# 4.
+./subsystem=ejb3/application-security-domain=ws-basic-domain \
+ :add(security-domain=ws-basic-domain)
+./subsystem=undertow/application-security-domain=ws-basic-domain \
+ :add(http-authentication-factory=ws-basic-domain)
+
+
+##----- ws-digest-domain domain config ---------
+echo ws-digest-domain domain config
+# 1.
+./subsystem=elytron/properties-realm=ws-digest-domain \
+ :add(users-properties={relative-to=jboss.server.config.dir, path=ws-digest-users.properties}, \
+ groups-properties={relative-to=jboss.server.config.dir, path=ws-roles.properties})
+# 2.
+./subsystem=elytron/security-domain=ws-digest-domain \
+ :add(default-realm=ws-digest-domain, permission-mapper=default-permission-mapper, \
+ realms=[{realm=ws-digest-domain,role-decoder=groups-to-roles}])
+# 3.
+./subsystem=elytron/http-authentication-factory=ws-digest-domain \
+ :add(security-domain=ws-digest-domain, http-server-mechanism-factory=global, \
+ mechanism-configurations=[{mechanism-name=DIGEST, \
+ mechanism-realm-configurations=[{realm-name=ws-digest-domain}] }])
+# 4.
+./subsystem=undertow/application-security-domain=ws-digest-domain \
+ :add(http-authentication-factory=ws-digest-domain)
+
+##----- JBossWSDigest domain config ---------
+echo JBossWSDigest domain config
+# 1.
+./subsystem=elytron/properties-realm=JAASJBossWSDigestRealm \
+ :add(users-properties={relative-to=jboss.server.config.dir, path=digest-jbossws-users.properties, plain-text=true}, \
+ groups-properties={relative-to=jboss.server.config.dir, path=digest-jbossws-roles.properties})
+# 2.
+./subsystem=elytron/security-domain=JBossWSDigest \
+ :add(default-realm=JAASJBossWSDigestRealm, permission-mapper=default-permission-mapper, \
+ realms=[{realm=JAASJBossWSDigestRealm,role-decoder=groups-to-roles}])
+# 3.
+./subsystem=elytron/http-authentication-factory=JBossWSDigest \
+ :add(security-domain=JBossWSDigest, http-server-mechanism-factory=global, \
+ mechanism-configurations=[{mechanism-name=BASIC, \
+ mechanism-realm-configurations=[{realm-name=JAASJBossWSDigestRealm}] }])
+# 4.
+./subsystem=undertow/application-security-domain=JBossWSDigest \
+ :add(http-authentication-factory=JBossWSDigest)
+
+
+##----- JAASJBossWS domain config ---------
+echo JAASJBossWS domain config
+# 1.
+./subsystem=elytron/properties-realm=JAASJBossWSRealm \
+ :add(users-properties={relative-to=jboss.server.config.dir, path=$usersPropFile, plain-text=true}, \
+ groups-properties={relative-to=jboss.server.config.dir, path=$rolesPropFile})
+# 2.
+./subsystem=elytron/security-domain=JAASJBossWS \
+ :add(default-realm=JAASJBossWSRealm, permission-mapper=default-permission-mapper, \
+ realms=[{realm=JAASJBossWSRealm,role-decoder=groups-to-roles}])
+# 3.
+./subsystem=elytron/http-authentication-factory=JAASJBossWS \
+ :add(security-domain=JAASJBossWS, http-server-mechanism-factory=global, \
+ mechanism-configurations=[{mechanism-name=BASIC, \
+ mechanism-realm-configurations=[{realm-name=JAASJBossWSRealm}] }])
+# 4.
+./subsystem=undertow/application-security-domain=JAASJBossWS \
+ :add(http-authentication-factory=JAASJBossWS)
+
+
+##----- alter elytron/tls/key-stores/key-store settings -----
+echo key-store conf
+./subsystem=elytron/key-store=applicationKS/ \
+ :write-attribute(name=credential-reference, value=clear-text=password)
+./subsystem=elytron/key-store=applicationKS \
+ :write-attribute(name=path, value=$keystorePath)
+./subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to, value=jboss.server.config.dir)
+
+##----- alter elytron/tls/key-managers/key-manager settings -----
+./subsystem=elytron/key-manager=applicationKM \
+ :write-attribute(name=credential-reference, value=clear-text=password)
+./subsystem=elytron/key-manager=applicationKM \
+ :write-attribute(name=alias-filter, value=jboss)
+
+## stop-embedded-server
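Review bot: In the JBossWSDigest block the `http-authentication-factory` is created with `mechanism-name=BASIC`, although the domain name and the ws-digest-domain block above it suggest DIGEST; please confirm this is intended or add a comment. Separately, `applicationKS` and `applicationKM` both get `credential-reference, value=clear-text=password`, and four of the realms are loaded with `plain-text=true`, so the script needs a header comment stating it is for test servers only. If the demo uses only some of the five security domains defined here, drop the rest, along with the commented-out `##embed-server`, `## stop-embedded-server` and `testResourcesDir` lines.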
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-roles.properties b/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-roles.properties
new file mode 100644
index 000000000..b37a12bbc
--- /dev/null
+++ b/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-roles.properties
@@ -0,0 +1,2 @@
+# A sample roles.properties file for use with the UsersRolesLoginModule
+kermit=friend
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-users.properties b/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-users.properties
new file mode 100644
index 000000000..0770449b7
--- /dev/null
+++ b/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-users.properties
@@ -0,0 +1,4 @@
+# A sample users.properties file for use with the UsersRolesLoginModule
+#Elytron requires this
+#$REALM_NAME=JAASJBossWSDigestRealm$ This line is used by the add-user utility to identify the realm name already used in this file.
+kermit=therealfrog
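Review bot: The header comment still describes this as a file "for use with the UsersRolesLoginModule", but the CLI script in this patch loads it through an Elytron `properties-realm` with `plain-text=true`. Update the comment to match, and note that `kermit=therealfrog` is a test-only credential stored unhashed. `ejb-digest-jbossws-users.properties` repeats the same entry with a different realm name; a comment explaining why both files are needed would help.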
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/ejb-digest-jbossws-users.properties b/demos/wstrust/shared-extra-content/standalone/configuration/ejb-digest-jbossws-users.properties
new file mode 100644
index 000000000..ac5ee5d89
--- /dev/null
+++ b/demos/wstrust/shared-extra-content/standalone/configuration/ejb-digest-jbossws-users.properties
@@ -0,0 +1,4 @@
+# A sample users.properties file for use with the UsersRolesLoginModule
+#Elytron requires this
+#$REALM_NAME=JBossWS$ This line is used by the add-user utility to identify the realm name already used in this file.
+kermit=therealfrog
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/test.keystore b/demos/wstrust/shared-extra-content/standalone/configuration/test.keystore
new file mode 100644
index 000000000..43f9fb199
Binary files /dev/null and b/demos/wstrust/shared-extra-content/standalone/configuration/test.keystore differ
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/ws-digest-users.properties b/demos/wstrust/shared-extra-content/standalone/configuration/ws-digest-users.properties
new file mode 100644
index 000000000..c3284a233
--- /dev/null
+++ b/demos/wstrust/shared-extra-content/standalone/configuration/ws-digest-users.properties
@@ -0,0 +1,2 @@
+#$REALM_NAME=ws-digest-domain$ This line is used by the add-user utility to identify the realm name already used in this file.
+jbossws=148f15e82b7877e306261fff94a6ee16
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/ws-roles.properties b/demos/wstrust/shared-extra-content/standalone/configuration/ws-roles.properties
new file mode 100644
index 000000000..d692fb619
--- /dev/null
+++ b/demos/wstrust/shared-extra-content/standalone/configuration/ws-roles.properties
@@ -0,0 +1 @@
+jbossws=guest
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/ws-users.properties b/demos/wstrust/shared-extra-content/standalone/configuration/ws-users.properties
new file mode 100644
index 000000000..5af6e013c
--- /dev/null
+++ b/demos/wstrust/shared-extra-content/standalone/configuration/ws-users.properties
@@ -0,0 +1,2 @@
+#$REALM_NAME=ws-basic-domain$ This line is used by the add-user utility to identify the realm name already used in this file.
+jbossws=jbossws
diff --git a/demos/wstrust/shared/pom.xml b/demos/wstrust/shared/pom.xml
new file mode 100644
index 000000000..655d1e44e
--- /dev/null
+++ b/demos/wstrust/shared/pom.xml
@@ -0,0 +1,51 @@
+
+
+
+
+
+ 4.0.0
+
+
+ org.jboss.intersmash
+ wstrust-parent
+ 0.0.1-SNAPSHOT
+ ../pom.xml
+
+
+ wstrust-shared
+
+ Intersmash Demos : (Wildfly): Webservices Trust Example (shared)
+
+
+ ${project.parent.parent.parent.basedir}/ide-config
+
+
+
+
+ org.jboss.ws.cxf
+ jbossws-cxf-client
+
+
+
diff --git a/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceIface.java b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceIface.java
new file mode 100644
index 000000000..1c4dcebe1
--- /dev/null
+++ b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceIface.java
@@ -0,0 +1,25 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service;
+
+import jakarta.jws.WebMethod;
+import jakarta.jws.WebService;
+
+@WebService(targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+public interface ServiceIface {
+ @WebMethod
+ String sayHello();
+}
diff --git a/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/ClientCallbackHandler.java b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/ClientCallbackHandler.java
new file mode 100644
index 000000000..f5f1aabad
--- /dev/null
+++ b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/ClientCallbackHandler.java
@@ -0,0 +1,46 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class ClientCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ }
+ }
+ }
+ }
+}
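Review bot: each branch in handle() ends with break, which leaves the for loop, so when more than one WSPasswordCallback is passed only the first matching one gets a password. Dropping the three break statements (or using continue) lets every callback be served. Callbacks that are not WSPasswordCallback, and identifiers other than myclientkey, alice and bob, are also skipped silently here, whereas UsernameTokenCallbackHandler in this patch throws UnsupportedCallbackException for callbacks it does not know; the two handlers should behave the same way. A short comment that these are fixture passwords for the demo keystore and the demo STS users would also help, since "bob" has no matching entry in STSCallbackHandler.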
diff --git a/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/UsernameTokenCallbackHandler.java b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/UsernameTokenCallbackHandler.java
new file mode 100644
index 000000000..7e7160d7f
--- /dev/null
+++ b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/UsernameTokenCallbackHandler.java
@@ -0,0 +1,169 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSSerializer;
+
+/**
+ * This implementation obtains a username and password via the jaxws property
+ * "ws-security.username" and "ws-security.password" respectively, as defined
+ * in SecurityConstants. It creates a wss UsernameToken to be used as the
+ * delegation token.
+ */
+
+public class UsernameTokenCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof DelegationCallback) {
+ DelegationCallback callback = (DelegationCallback) callbacks[i];
+ Message message = callback.getCurrentMessage();
+
+ String username = (String) message.getContextualProperty(SecurityConstants.USERNAME);
+ String password = (String) message.getContextualProperty(SecurityConstants.PASSWORD);
+ if (username != null) {
+ Node contentNode = message.getContent(Node.class);
+ Document doc = null;
+ if (contentNode != null) {
+ doc = contentNode.getOwnerDocument();
+ } else {
+ doc = DOMUtils.createDocument();
+ }
+ UsernameToken usernameToken = createWSSEUsernameToken(username, password, doc);
+ callback.setToken(usernameToken.getElement());
+ }
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+ /**
+ * Provide UsernameToken as a string.
+ * @param ctx
+ * @return user token
+ */
+ public String getUsernameTokenString(Map ctx) {
+ Document doc = DOMUtils.createDocument();
+ String result = null;
+ String username = (String) ctx.get(SecurityConstants.USERNAME);
+ String password = (String) ctx.get(SecurityConstants.PASSWORD);
+ if (username != null) {
+ UsernameToken usernameToken = createWSSEUsernameToken(username, password, doc);
+ result = toString(usernameToken.getElement().getFirstChild().getParentNode());
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param username
+ * @param password
+ * @return user token
+ */
+ public String getUsernameTokenString(String username, String password) {
+ Document doc = DOMUtils.createDocument();
+ String result = null;
+ if (username != null) {
+ UsernameToken usernameToken = createWSSEUsernameToken(username, password, doc);
+ result = toString(usernameToken.getElement().getFirstChild().getParentNode());
+ }
+ return result;
+ }
+
+ /**
+ * Provide UsernameToken as a DOM Element.
+ * @param ctx
+ * @return user token as element
+ */
+ public Element getUsernameTokenElement(Map ctx) {
+ Document doc = DOMUtils.createDocument();
+ Element result = null;
+ UsernameToken usernameToken = null;
+ String username = (String) ctx.get(SecurityConstants.USERNAME);
+ String password = (String) ctx.get(SecurityConstants.PASSWORD);
+ if (username != null) {
+ usernameToken = createWSSEUsernameToken(username, password, doc);
+ result = usernameToken.getElement();
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param username
+ * @param password
+ * @return user token as element
+ */
+ public Element getUsernameTokenElement(String username, String password) {
+ Document doc = DOMUtils.createDocument();
+ Element result = null;
+ UsernameToken usernameToken = null;
+ if (username != null) {
+ usernameToken = createWSSEUsernameToken(username, password, doc);
+ result = usernameToken.getElement();
+ }
+ return result;
+ }
+
+ private UsernameToken createWSSEUsernameToken(String username, String password, Document doc) {
+
+ UsernameToken usernameToken = new UsernameToken(true, doc,
+ (password == null) ? null : WSConstants.PASSWORD_TEXT);
+ usernameToken.setName(username);
+ usernameToken.addWSUNamespace();
+ usernameToken.addWSSENamespace();
+ usernameToken.setID("id-" + username);
+
+ if (password != null) {
+ usernameToken.setPassword(password);
+ }
+
+ return usernameToken;
+ }
+
+ private String toString(Node node) {
+ String str = null;
+
+ if (node != null) {
+ DOMImplementationLS lsImpl = (DOMImplementationLS) node.getOwnerDocument().getImplementation().getFeature("LS",
+ "3.0");
+ LSSerializer serializer = lsImpl.createLSSerializer();
+ serializer.getDomConfig().setParameter("xml-declaration", false); //by default its true, so set it to false to get String without xml-declaration
+ str = serializer.writeToString(node);
+ }
+ return str;
+ }
+
+}
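Review bot: createWSSEUsernameToken() always builds the token with WSConstants.PASSWORD_TEXT, and both getUsernameTokenString() overloads return that token serialized, so the clear-text password ends up in a String that callers can easily log or put in an exception message. Please say in the class Javadoc that the token relies on the binding's message encryption for confidentiality and that the string form must not be logged. Two smaller points: in handle(), a missing "ws-security.username" property means callback.setToken() is never called and nothing is reported, which will surface later as a harder-to-read failure, and usernameToken.getElement().getFirstChild().getParentNode() is just a roundabout usernameToken.getElement() that adds a possible NullPointerException. The setID("id-" + username) call also puts the raw username into an XML ID attribute, so a username with characters that are not valid in an ID would produce an invalid token.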
diff --git a/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/WSTrustAppUtils.java b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/WSTrustAppUtils.java
new file mode 100644
index 000000000..183405d84
--- /dev/null
+++ b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/WSTrustAppUtils.java
@@ -0,0 +1,48 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+public class WSTrustAppUtils {
+
+ public static String getServerHost() {
+ final String host = System.getProperty("jboss.bind.address", "localhost");
+ return toIPv6URLFormat(host);
+ }
+
+ private static String toIPv6URLFormat(final String host) {
+ try {
+ if (host.startsWith("[") || host.startsWith(":")) {
+ if (System.getProperty("java.net.preferIPv4Stack") == null) {
+ throw new IllegalStateException(
+ "always provide java.net.preferIPv4Stack JVM property when using IPv6 address format");
+ }
+ if (System.getProperty("java.net.preferIPv6Addresses") == null) {
+ throw new IllegalStateException(
+ "always provide java.net.preferIPv6Addresses JVM property when using IPv6 address format");
+ }
+ }
+ final boolean isIPv6Address = InetAddress.getByName(host) instanceof Inet6Address;
+ final boolean isIPv6Formatted = isIPv6Address && host.startsWith("[");
+ return isIPv6Address && !isIPv6Formatted ? "[" + host + "]" : host;
+ } catch (final UnknownHostException e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
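Review bot: toIPv6URLFormat() decides whether to add brackets from InetAddress.getByName(host) instanceof Inet6Address, which classifies the address the host resolves to, not the form of the string. A DNS name in jboss.bind.address that resolves to an IPv6 address would come back as "[name]", which is not a valid URL host, and the call does a name lookup just to format a string. Checking the literal itself (for example, whether it contains ':') avoids both. The JVM property guard has a related gap: it only fires for values starting with "[" or ":", so a literal such as 2001:db8::1 is bracketed without the check the exception messages describe. Wrapping UnknownHostException in a bare RuntimeException also drops the host value from the message.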
diff --git a/demos/wstrust/sts/pom.xml b/demos/wstrust/sts/pom.xml
new file mode 100644
index 000000000..713656faf
--- /dev/null
+++ b/demos/wstrust/sts/pom.xml
@@ -0,0 +1,163 @@
+
+
+
+
+
+ 4.0.0
+
+
+ org.jboss.intersmash
+ wstrust-parent
+ 0.0.1-SNAPSHOT
+ ../pom.xml
+
+
+ wstrust-sts
+ war
+
+ Intersmash Demos : (Wildfly): Webservices Trust Example (sts)
+
+
+ ${project.parent.parent.parent.basedir}/ide-config
+
+ 3.3.2
+
+ 10.0.0.Final
+
+ 29.0.1.Final
+
+
+
+
+ org.jboss.intersmash
+ wstrust-shared
+
+
+ org.jboss.ws.cxf
+ jbossws-cxf-client
+
+
+ org.apache.cxf.services.sts
+ cxf-services-sts-core
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-war-plugin
+ ${version.maven-war-plugin}
+
+
+ %regex[^WEB-INF\/lib\/(?!wstrust-shared-.*\.jar$).*$]
+ sts-ROOT
+
+ ${project.basedir}/src/main/webapp/META-INF/MANIFEST.MF
+
+
+
+
+ process-classes
+
+ war
+
+
+
+
+
+ org.wildfly.plugins
+ wildfly-jar-maven-plugin
+ ${version.wildfly-jar-maven-plugin}
+
+
+ create-bootable-jar-openshift
+ process-test-sources
+
+ package
+
+
+
+ ${project.build.finalName}-bootable-openshift.jar
+
+
+ org.wildfly:wildfly-galleon-pack:${version.wildfly.feature-pack}
+
+
+
+ cloud-server
+ webservices
+
+
+
+ ${project.basedir}/../shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties
+
+
+
+
+
+
+ ${project.basedir}/../shared-extra-content
+
+
+
+ true
+
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-install-plugin
+
+
+ install-bootable-jar-openshift
+ generate-test-resources
+
+ install-file
+
+
+ ${project.groupId}
+ ${project.artifactId}
+ ${project.version}
+ jar
+ bootable-openshift
+ ${project.build.directory}/${project.build.finalName}-bootable-openshift.jar
+
+
+
+
+
+
+
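Review bot: the install-bootable-jar-openshift execution binds install-file to generate-test-resources, so any build that gets as far as the test phases writes the bootable-openshift jar into the local Maven repository as a side effect. If that is there so the test module can resolve the artifact through ArtifactProvider, please say so in a comment next to the execution, together with the reason the war and bootable-jar executions are bound to process-classes and process-test-sources rather than package. Without that, the next person to tidy the phase bindings will break the test module without knowing why.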
diff --git a/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/STSCallbackHandler.java b/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/STSCallbackHandler.java
new file mode 100644
index 000000000..667b48a4e
--- /dev/null
+++ b/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/STSCallbackHandler.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+public class STSCallbackHandler extends PasswordCallbackHandler {
+ public STSCallbackHandler() {
+ super(getInitMap());
+ }
+
+ private static Map getInitMap() {
+ Map passwords = new HashMap();
+ passwords.put("mystskey", "stskpass");
+ passwords.put("alice", "clarinet");
+ return passwords;
+ }
+}
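Review bot: getInitMap() hard-codes the private-key password for alias mystskey ("stskpass") alongside the user password for alice. For a demo fixture that is acceptable, but it should be stated in a class comment that these values only match the bundled stsstore.jks and the test users. Since SampleSTS already reads SERVICE_ENDPOINT_URL from the environment and the OpenShift application classes in this patch already expose getSecrets(), reading the key password from an injected secret would show the pattern people should copy from this demo.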
diff --git a/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/SampleSTS.java b/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/SampleSTS.java
new file mode 100644
index 000000000..ed415af63
--- /dev/null
+++ b/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/SampleSTS.java
@@ -0,0 +1,69 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
+
+import jakarta.xml.ws.WebServiceProvider;
+
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.operation.TokenIssueOperation;
+import org.apache.cxf.sts.operation.TokenValidateOperation;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
+import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
+
+@WebServiceProvider(serviceName = "SecurityTokenService", portName = "UT_Port", targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/", wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts.STSCallbackHandler"),
+ @EndpointProperty(key = "ws-security.validate.token", value = "false")
+})
+public class SampleSTS extends SecurityTokenServiceProvider {
+ public SampleSTS() throws Exception {
+ super();
+
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(STSCallbackHandler.class.getName());
+ props.setIssuer("DoubleItSTSIssuer");
+
+ List services = new LinkedList();
+ StaticService service = new StaticService();
+ service.setEndpoints(Arrays.asList(System.getenv("SERVICE_ENDPOINT_URL")));
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.setServices(services);
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ issueOperation.setStsProperties(props);
+
+ TokenValidateOperation validateOperation = new TokenValidateOperation();
+ validateOperation.getTokenValidators().add(new SAMLTokenValidator());
+ validateOperation.setStsProperties(props);
+
+ this.setIssueOperation(issueOperation);
+ this.setValidateOperation(validateOperation);
+ }
+}
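Review bot: the endpoint property "ws-security.validate.token" is set to "false" with no explanation, which turns off CXF's own password check on the incoming UsernameToken, while the README says the STS verifies the credentials. Please add a comment naming what performs that verification instead (for example, the container security domain), so a reader does not copy this annotation into a deployment where nothing does. Separately, System.getenv("SERVICE_ENDPOINT_URL") is passed straight into Arrays.asList(); if the variable is unset the service list contains a null and the failure shows up far from its cause. Read it into a local, fail in the constructor with a message that names the variable, and only then call service.setEndpoints().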
diff --git a/demos/wstrust/sts/src/main/webapp/META-INF/MANIFEST.MF b/demos/wstrust/sts/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..fc0d5e7a1
--- /dev/null
+++ b/demos/wstrust/sts/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Dependencies: org.jboss.ws.cxf.jbossws-cxf-client,org.jboss.ws.cxf.sts annotations
+
diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsKeystore.properties b/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsKeystore.properties
new file mode 100644
index 000000000..ee49463fc
--- /dev/null
+++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsKeystore.properties
@@ -0,0 +1,27 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# The properties in this file represent WSS4J's Crypto implementation which is
+# loaded and configured via a Java properties file that contains Crypto
+# configuration data. The file contains implementation-specific properties.
+# This application is using Merlin, an implementation of Crypto.
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+
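Review bot: the keystore password (stsspass) is committed in clear text next to stsstore.jks, and the ASF header comment does not say that this is a throwaway test keystore. Add one line stating that the store and its password are demo fixtures and must be replaced outside the test. Also, the keys use the legacy org.apache.ws.security.* prefix and class name for Merlin, while the Java sources in this patch import org.apache.wss4j.*; if the old names are kept on purpose for compatibility, note that here, otherwise switch to the current property names so the file matches the library version in use.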
diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsstore.jks b/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsstore.jks
new file mode 100644
index 000000000..4ba33e40e
Binary files /dev/null and b/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsstore.jks differ
diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/jboss-web.xml b/demos/wstrust/sts/src/main/webapp/WEB-INF/jboss-web.xml
new file mode 100644
index 000000000..159229a8c
--- /dev/null
+++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/jboss-web.xml
@@ -0,0 +1,5 @@
+
+
+
+
+
diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/permissions.xml b/demos/wstrust/sts/src/main/webapp/WEB-INF/permissions.xml
new file mode 100644
index 000000000..f7a72826d
--- /dev/null
+++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/permissions.xml
@@ -0,0 +1,41 @@
+
+
+
+
+ java.lang.RuntimePermission
+ getClassLoader
+
+
+ java.util.PropertyPermission
+ user.dir
+ read
+
+
+ java.util.PropertyPermission
+ jboss.bind.address
+ read
+
+
+ java.lang.RuntimePermission
+ createClassLoader
+
+
+ java.lang.RuntimePermission
+ org.apache.cxf.permission
+ resolveUri
+
+
+
+ java.net.SocketPermission
+ *
+ connect,resolve
+
+
+ java.io.FilePermission
+ <<ALL FILES>>
+ read
+
+
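Review bot: the permission set grants java.net.SocketPermission on "*" with connect,resolve and java.io.FilePermission read on <<ALL FILES>>, plus createClassLoader, which is far more than the STS needs to read its keystore and WSDL and answer token requests. Please narrow the socket permission to the hosts the STS actually contacts and the file permission to the deployment and configuration paths it reads, or add a comment explaining why each broad grant is required. As written, the file documents no least-privilege intent and will be copied as is.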
diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/web.xml b/demos/wstrust/sts/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 000000000..0f43a1fc8
--- /dev/null
+++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,15 @@
+
+
+
+
+ TestSecurityTokenService
+ org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts.SampleSTS
+
+
+ TestSecurityTokenService
+ /SecurityTokenService/*
+
+
diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl b/demos/wstrust/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
new file mode 100644
index 000000000..393c16bfe
--- /dev/null
+++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
@@ -0,0 +1,312 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/demos/wstrust/test/pom.xml b/demos/wstrust/test/pom.xml
new file mode 100644
index 000000000..30aa7afb0
--- /dev/null
+++ b/demos/wstrust/test/pom.xml
@@ -0,0 +1,110 @@
+
+
+
+
+
+ 4.0.0
+
+
+ org.jboss.intersmash
+ wstrust-parent
+ 0.0.1-SNAPSHOT
+ ../pom.xml
+
+
+ wstrust-test
+ Intersmash Demos : (Wildfly): Webservices Trust Example (test)
+
+
+
+ ${project.parent.parent.parent.basedir}/ide-config
+
+
+
+
+
+ org.jboss.intersmash
+ wstrust-shared
+
+
+ org.jboss.ws.cxf
+ jbossws-cxf-client
+
+
+ org.apache.cxf.services.sts
+ cxf-services-sts-core
+
+
+ org.apache.cxf
+ cxf-rt-ws-security
+
+
+ org.apache.cxf
+ cxf-core
+
+
+ org.glassfish.jaxb
+ jaxb-runtime
+ test
+
+
+ org.glassfish.jaxb
+ jaxb-core
+ test
+
+
+ javax.xml.bind
+ jaxb-api
+
+
+ org.jboss.ws.cxf
+ jbossws-cxf-test-utils
+
+
+ org.apache.cxf
+ cxf-rt-frontend-jaxws
+ test
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+
+
+ ${client.jvm.jpms.args}
+
+ false
+ false
+
+
+
+
+
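Review bot: the dependency list includes javax.xml.bind:jaxb-api, while every source file in this patch uses the jakarta namespace (jakarta.jws, jakarta.xml.ws) and the org.glassfish.jaxb runtime is already declared with test scope. If something on the client classpath still needs the javax API, name it in a comment; otherwise drop the dependency so the test classpath does not carry both JAXB API generations. jaxb-api is also declared without the test scope that the neighbouring JAXB entries have.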
diff --git a/demos/wstrust/test/src/test/java/org/jboss/jaxws/STSWstrustOpenShiftJarApplication.java b/demos/wstrust/test/src/test/java/org/jboss/jaxws/STSWstrustOpenShiftJarApplication.java
new file mode 100644
index 000000000..6da56be72
--- /dev/null
+++ b/demos/wstrust/test/src/test/java/org/jboss/jaxws/STSWstrustOpenShiftJarApplication.java
@@ -0,0 +1,107 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.jaxws;
+
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.maven.settings.building.SettingsBuildingException;
+import org.eclipse.aether.resolution.ArtifactResolutionException;
+import org.jboss.intersmash.deployments.util.maven.ArtifactProvider;
+import org.jboss.intersmash.tools.application.openshift.BootableJarOpenShiftApplication;
+import org.jboss.intersmash.tools.application.openshift.input.BinarySource;
+
+import cz.xtf.builder.builders.SecretBuilder;
+import cz.xtf.builder.builders.secret.SecretType;
+import io.fabric8.kubernetes.api.model.EnvVar;
+import io.fabric8.kubernetes.api.model.EnvVarBuilder;
+import io.fabric8.kubernetes.api.model.Secret;
+
+public class STSWstrustOpenShiftJarApplication implements BootableJarOpenShiftApplication {
+ private String GROUPID = "org.jboss.intersmash";
+ private String ARTIFACTID = "wstrust-sts";
+ private String VERSION = "0.0.1-SNAPSHOT";
+ static final String BOOTABLE_JAR_ARTIFACT_PACKAGING = "jar";
+ static final String ARTIFACT_CLASSIFIER = "bootable-openshift";
+
+ static final EnvVar TEST_ENV_VAR = new EnvVarBuilder().withName("test-evn-key").withValue("test-evn-value").build();
+ static final String TEST_SECRET_FOO = "foo";
+ static final String TEST_SECRET_BAR = "bar";
+ static final Secret TEST_SECRET = new SecretBuilder("test-secret")
+ .setType(SecretType.OPAQUE).addData(TEST_SECRET_FOO, TEST_SECRET_BAR.getBytes()).build();
+
+ @Override
+ public BinarySource getBuildInput() {
+ Path file = null;
+ try {
+ file = ArtifactProvider.resolveArtifact(
+ GROUPID,
+ ARTIFACTID,
+ VERSION,
+ BOOTABLE_JAR_ARTIFACT_PACKAGING,
+ ARTIFACT_CLASSIFIER).toPath();
+ } catch (SettingsBuildingException | ArtifactResolutionException e) {
+ throw new RuntimeException("Can not get artifact", e);
+ }
+ return new BinarySourceImpl(file);
+ }
+
+ @Override
+ public List getSecrets() {
+ List secrets = new ArrayList<>();
+ // a secrete is not required for this app to run
+ return Collections.unmodifiableList(secrets);
+ }
+
+ @Override
+ public List getEnvVars() {
+ // The mock STS requires the URL of the service. This information
+ // is collected during test startup configuration and made available
+ // to STS on class creation.
+ List list = new ArrayList<>();
+ list.add(new EnvVarBuilder().withName(TEST_ENV_VAR.getName())
+ .withValue(TEST_ENV_VAR.getValue()).build());
+ list.add(new EnvVarBuilder().withName("SERVICE_ENDPOINT_URL")
+ .withValue(
+ String.format("http://%s/service-ROOT/SecurityService",
+ cz.xtf.core.openshift.OpenShifts.master()
+ .generateHostname(ServiceWstrustOpenShiftJarApplication.ARTIFACTID)))
+ .build());
+ return Collections.unmodifiableList(list);
+ }
+
+ @Override
+ public String getName() {
+ return ARTIFACTID;
+ }
+
+ // todo remove local class impl once intersmash issue #85 is resolved
+ class BinarySourceImpl implements BinarySource {
+ Path f;
+
+ public BinarySourceImpl(Path f) {
+ this.f = f;
+ }
+
+ public Path getArchive() {
+ return f;
+ }
+ }
+
+}
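Review bot: GROUPID, ARTIFACTID and VERSION are declared as mutable instance fields (private String) although they are named and used as constants, and VERSION repeats "0.0.1-SNAPSHOT" from the poms, so the test will resolve the wrong artifact as soon as the project version changes. Make them static final, as ARTIFACTID already is in ServiceWstrustOpenShiftJarApplication, and take the version from a build-time property. TEST_SECRET, TEST_SECRET_FOO and TEST_SECRET_BAR are never used because getSecrets() returns an empty list, so they can go. The env var name "test-evn-key" and the comment "a secrete is not required" both look like typos.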
diff --git a/demos/wstrust/test/src/test/java/org/jboss/jaxws/ServiceWstrustOpenShiftJarApplication.java b/demos/wstrust/test/src/test/java/org/jboss/jaxws/ServiceWstrustOpenShiftJarApplication.java
new file mode 100644
index 000000000..79380a5e5
--- /dev/null
+++ b/demos/wstrust/test/src/test/java/org/jboss/jaxws/ServiceWstrustOpenShiftJarApplication.java
@@ -0,0 +1,98 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.jaxws;
+
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.maven.settings.building.SettingsBuildingException;
+import org.eclipse.aether.resolution.ArtifactResolutionException;
+import org.jboss.intersmash.deployments.util.maven.ArtifactProvider;
+import org.jboss.intersmash.tools.application.openshift.BootableJarOpenShiftApplication;
+import org.jboss.intersmash.tools.application.openshift.input.BinarySource;
+
+import cz.xtf.builder.builders.SecretBuilder;
+import cz.xtf.builder.builders.secret.SecretType;
+import io.fabric8.kubernetes.api.model.EnvVar;
+import io.fabric8.kubernetes.api.model.EnvVarBuilder;
+import io.fabric8.kubernetes.api.model.Secret;
+
+public class ServiceWstrustOpenShiftJarApplication implements BootableJarOpenShiftApplication {
+ private String GROUPID = "org.jboss.intersmash";
+ static final String ARTIFACTID = "wstrust-service";
+ private String VERSION = "0.0.1-SNAPSHOT";
+ static final String BOOTABLE_JAR_ARTIFACT_PACKAGING = "jar";
+ static final String ARTIFACT_CLASSIFIER = "bootable-openshift";
+
+ static final EnvVar TEST_ENV_VAR = new EnvVarBuilder().withName("test-evn-key").withValue("test-evn-value").build();
+ static final String TEST_SECRET_FOO = "foo";
+ static final String TEST_SECRET_BAR = "bar";
+ static final Secret TEST_SECRET = new SecretBuilder("test-secret")
+ .setType(SecretType.OPAQUE).addData(TEST_SECRET_FOO, TEST_SECRET_BAR.getBytes()).build();
+
+ @Override
+ public BinarySource getBuildInput() {
+ Path file = null;
+ try {
+ file = ArtifactProvider.resolveArtifact(
+ GROUPID,
+ ARTIFACTID,
+ VERSION,
+ BOOTABLE_JAR_ARTIFACT_PACKAGING,
+ ARTIFACT_CLASSIFIER).toPath();
+ } catch (SettingsBuildingException | ArtifactResolutionException e) {
+ throw new RuntimeException("Can not get artifact", e);
+ }
+ return new BinarySourceImpl(file);
+ }
+
+ @Override
+ public List getSecrets() {
+ List secrets = new ArrayList<>();
+ // a secrete is not required for this app to run
+ return Collections.unmodifiableList(secrets);
+ }
+
+ @Override
+ public List getEnvVars() {
+ List list = new ArrayList<>();
+ list.add(new EnvVarBuilder().withName(TEST_ENV_VAR.getName())
+ .withValue(TEST_ENV_VAR.getValue()).build());
+ return Collections.unmodifiableList(list);
+ }
+
+ @Override
+ public String getName() {
+ return ARTIFACTID;
+ }
+
+ // todo remove local class impl once intersmash issue #85 is resolved
+ class BinarySourceImpl implements BinarySource {
+ Path f;
+
+ public BinarySourceImpl(Path f) {
+ this.f = f;
+ }
+
+ public Path getArchive() {
+ return f;
+ }
+ }
+
+}
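Review bot: TEST_SECRET, TEST_SECRET_FOO and TEST_SECRET_BAR are never used. getSecrets() returns an empty list and its own comment says no secret is required, so the three constants and the SecretBuilder and SecretType imports can go, which also removes the charset-less TEST_SECRET_BAR.getBytes() call. GROUPID and VERSION are named like constants but declared as mutable instance fields; make them private static final, and consider taking the version from the build instead of hard-coding "0.0.1-SNAPSHOT", which will fail or resolve a stale artifact after a version bump. Spelling while here: "test-evn-key"/"test-evn-value" and "a secrete".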
diff --git a/demos/wstrust/test/src/test/java/org/jboss/jaxws/WstrustOpenShiftJarTest.java b/demos/wstrust/test/src/test/java/org/jboss/jaxws/WstrustOpenShiftJarTest.java
new file mode 100644
index 000000000..08cb9e13c
--- /dev/null
+++ b/demos/wstrust/test/src/test/java/org/jboss/jaxws/WstrustOpenShiftJarTest.java
@@ -0,0 +1,117 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.jaxws;
+
+import jakarta.xml.ws.BindingProvider;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.assertj.core.api.Assertions;
+import org.jboss.intersmash.tools.annotations.Intersmash;
+import org.jboss.intersmash.tools.annotations.Service;
+import org.jboss.intersmash.tools.annotations.ServiceUrl;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.ClientCallbackHandler;
+import org.jboss.wsf.test.CryptoCheckHelper;
+import org.junit.jupiter.api.Test;
+
+@Intersmash({
+ @Service(ServiceWstrustOpenShiftJarApplication.class),
+ @Service(STSWstrustOpenShiftJarApplication.class)
+})
+public class WstrustOpenShiftJarTest {
+
+ @ServiceUrl(STSWstrustOpenShiftJarApplication.class)
+ private String stsOpenShiftUrl;
+
+ @ServiceUrl(ServiceWstrustOpenShiftJarApplication.class)
+ private String serviceOpenShiftUrl;
+
+ @Test
+ public void test() throws Exception {
+
+ Bus bus = BusFactory.newInstance().createBus();
+ try {
+ BusFactory.setThreadDefaultBus(bus);
+
+ final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
+ "SecurityService");
+ // service specified during the build to use the archive's name as the service's context-root
+ final URL wsdlURL = new URL(serviceOpenShiftUrl + "/service-ROOT/SecurityService?wsdl");
+ jakarta.xml.ws.Service service = jakarta.xml.ws.Service.create(wsdlURL, serviceName);
+ ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
+
+ final QName stsServiceName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService");
+ final QName stsPortName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port");
+ // sts uses the wildfly-jar-maven-plugin's default behavior of deploying the archinve
+ // into Wildfly's root directory, hence no context-root is to be specified in the url.
+ URL stsURL = new URL(stsOpenShiftUrl + "/SecurityTokenService?wsdl");
+ setupWsseAndSTSClient(proxy, bus, stsURL.toString(), stsServiceName, stsPortName);
+
+ try {
+ Assertions.assertThat(proxy.sayHello()).isEqualTo("WS-Trust Hello World!");
+ } catch (Exception e) {
+ throw CryptoCheckHelper.checkAndWrapException(e);
+ }
+ } finally {
+ bus.shutdown(true);
+ }
+ }
+
+ private void setupWsseAndSTSClient(ServiceIface proxy, Bus bus, String stsWsdlLocation, QName stsService, QName stsPort) {
+ Map ctx = ((BindingProvider) proxy).getRequestContext();
+ setServiceContextAttributes(ctx);
+ ctx.put(SecurityConstants.STS_CLIENT, createSTSClient(bus, stsWsdlLocation, stsService, stsPort));
+ }
+
+ private void setServiceContextAttributes(Map ctx) {
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+ }
+
+ private static STSClient createSTSClient(Bus bus, String stsWsdlLocation, QName stsService, QName stsPort) {
+ STSClient stsClient = new STSClient(bus);
+ if (stsWsdlLocation != null) {
+ stsClient.setWsdlLocation(stsWsdlLocation);
+ stsClient.setServiceQName(stsService);
+ stsClient.setEndpointQName(stsPort);
+ }
+ Map props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "alice");
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+ return stsClient;
+ }
+}
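Review bot: test() asserts only the happy path (proxy.sayHello() returns "WS-Trust Hello World!"), so it would still pass if the service stopped enforcing its issued-token policy. Add a negative case, for example calling the proxy without SecurityConstants.STS_CLIENT in the request context, or with a username the STS does not know, and assert that the call fails. In createSTSClient the stsWsdlLocation != null guard can never be false for this caller (it passes stsURL.toString()), and a null would produce an STSClient with no WSDL, service or endpoint set that fails later with a less obvious error; drop the guard or throw on null. The comment above stsURL has a typo ("archinve").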
diff --git a/demos/wstrust/test/src/test/resources/META-INF/clientKeystore.properties b/demos/wstrust/test/src/test/resources/META-INF/clientKeystore.properties
new file mode 100644
index 000000000..424320ac3
--- /dev/null
+++ b/demos/wstrust/test/src/test/resources/META-INF/clientKeystore.properties
@@ -0,0 +1,28 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# The properties in this file represent WSS4J's Crypto implementation which is
+# loaded and configured via a Java properties file that contains Crypto
+# configuration data. The file contains implementation-specific properties.
+# This application is using Merlin, an implementation of Crypto.
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=src/test/resources/META-INF/clientstore.jks
+
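Review bot: org.apache.ws.security.crypto.merlin.keystore.file points at src/test/resources/META-INF/clientstore.jks, a path that resolves only when the JVM's working directory is the test module. The test already loads this properties file from the classpath as META-INF/clientKeystore.properties, so reference the keystore the same way (META-INF/clientstore.jks) and let Merlin pick it up as a classpath resource. The keystore password cspass is committed next to the binary clientstore.jks; that is acceptable only for demo keys, so add a comment line here stating that the keystore is a test fixture.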
diff --git a/demos/wstrust/test/src/test/resources/META-INF/clientstore.jks b/demos/wstrust/test/src/test/resources/META-INF/clientstore.jks
new file mode 100644
index 000000000..5c48cb437
Binary files /dev/null and b/demos/wstrust/test/src/test/resources/META-INF/clientstore.jks differ
diff --git a/demos/wstrust/test/src/test/resources/META-INF/services/org.junit.platform.launcher.TestExecutionListener b/demos/wstrust/test/src/test/resources/META-INF/services/org.junit.platform.launcher.TestExecutionListener
new file mode 100644
index 000000000..63b7383d3
--- /dev/null
+++ b/demos/wstrust/test/src/test/resources/META-INF/services/org.junit.platform.launcher.TestExecutionListener
@@ -0,0 +1,2 @@
+cz.xtf.junit5.listeners.TestExecutionLogger
+cz.xtf.junit5.listeners.ProjectCreator
diff --git a/demos/wstrust/test/src/test/resources/logback.xml b/demos/wstrust/test/src/test/resources/logback.xml
new file mode 100644
index 000000000..972f6d015
--- /dev/null
+++ b/demos/wstrust/test/src/test/resources/logback.xml
@@ -0,0 +1,59 @@
+
+
+
+
+
+
+ ${console-log-level:-INFO}
+
+
+ [%d] %-5p- %m%n
+
+
+
+ 300
+
+
+
+
+ log/test.log
+ false
+
+ DEBUG
+
+
+ [%d] %-5level [%thread]: %message%n
+
+
+
+ 300
+
+
+
+
+ log/everything.log
+ false
+
+ [%d] %-5p- %m%n
+
+
+
+ 300
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+