From 4c15663e070c66b3b66e6ebafff5161324a17bc4 Mon Sep 17 00:00:00 2001 
From: R Searls Date: Wed, 18 Oct 2023 13:03:37 -0400 Subject: [PATCH] wstrust, a 2 pod testcase --- demos/pom.xml | 1 + demos/wstrust/README.md | 149 +++++++++ demos/wstrust/pom.xml | 161 +++++++++ demos/wstrust/service/pom.xml | 162 +++++++++ .../samples/wsse/policy/jaxws/SayHello.java | 27 ++ .../wsse/policy/jaxws/SayHelloResponse.java | 40 +++ .../trust/service/ServerCallbackHandler.java | 34 ++ .../policy/trust/service/ServiceImpl.java | 34 ++ .../src/main/webapp/META-INF/MANIFEST.MF | 4 + .../classes/serviceKeystore.properties | 24 ++ .../webapp/WEB-INF/classes/servicestore.jks | Bin 0 -> 3475 bytes .../WEB-INF/jboss-deployment-structure.xml | 8 + .../src/main/webapp/WEB-INF/permissions.xml | 41 +++ .../webapp/WEB-INF/wsdl/SecurityService.wsdl | 164 +++++++++ .../WEB-INF/wsdl/SecurityService_schema1.xsd | 18 + ...s-testsuite-default-elytron-CLI.properties | 5 + .../jbws-testsuite-default-elytron.cli | 133 ++++++++ .../digest-jbossws-roles.properties | 2 + .../digest-jbossws-users.properties | 4 + .../ejb-digest-jbossws-users.properties | 4 + .../standalone/configuration/test.keystore | Bin 0 -> 2694 bytes .../configuration/ws-digest-users.properties | 2 + .../configuration/ws-roles.properties | 1 + .../configuration/ws-users.properties | 2 + demos/wstrust/shared/pom.xml | 51 +++ .../policy/trust/service/ServiceIface.java | 25 ++ .../trust/shared/ClientCallbackHandler.java | 46 +++ .../shared/UsernameTokenCallbackHandler.java | 169 ++++++++++ .../policy/trust/shared/WSTrustAppUtils.java | 48 +++ demos/wstrust/sts/pom.xml | 163 +++++++++ .../policy/trust/sts/STSCallbackHandler.java | 34 ++ .../wsse/policy/trust/sts/SampleSTS.java | 69 ++++ .../sts/src/main/webapp/META-INF/MANIFEST.MF | 3 + .../WEB-INF/classes/stsKeystore.properties | 27 ++ .../main/webapp/WEB-INF/classes/stsstore.jks | Bin 0 -> 5570 bytes .../sts/src/main/webapp/WEB-INF/jboss-web.xml | 5 + .../src/main/webapp/WEB-INF/permissions.xml | 41 +++ .../sts/src/main/webapp/WEB-INF/web.xml | 15 + 
.../WEB-INF/wsdl/ws-trust-1.4-service.wsdl | 312 ++++++++++++++++++ demos/wstrust/test/pom.xml | 110 ++++++ .../STSWstrustOpenShiftJarApplication.java | 107 ++++++ ...ServiceWstrustOpenShiftJarApplication.java | 98 ++++++ .../jboss/jaxws/WstrustOpenShiftJarTest.java | 117 +++++++ .../META-INF/clientKeystore.properties | 28 ++ .../test/resources/META-INF/clientstore.jks | Bin 0 -> 5571 bytes ...it.platform.launcher.TestExecutionListener | 2 + .../test/src/test/resources/logback.xml | 59 ++++ 47 files changed, 2549 insertions(+) create mode 100644 demos/wstrust/README.md create mode 100644 demos/wstrust/pom.xml create mode 100644 demos/wstrust/service/pom.xml create mode 100644 demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.java create mode 100644 demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.java create mode 100644 demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServerCallbackHandler.java create mode 100644 demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceImpl.java create mode 100644 demos/wstrust/service/src/main/webapp/META-INF/MANIFEST.MF create mode 100644 demos/wstrust/service/src/main/webapp/WEB-INF/classes/serviceKeystore.properties create mode 100644 demos/wstrust/service/src/main/webapp/WEB-INF/classes/servicestore.jks create mode 100644 demos/wstrust/service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml create mode 100644 demos/wstrust/service/src/main/webapp/WEB-INF/permissions.xml create mode 100644 demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService.wsdl create mode 100644 demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService_schema1.xsd create mode 100644 demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties create mode 100644 
demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron.cli create mode 100644 demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-roles.properties create mode 100644 demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-users.properties create mode 100644 demos/wstrust/shared-extra-content/standalone/configuration/ejb-digest-jbossws-users.properties create mode 100644 demos/wstrust/shared-extra-content/standalone/configuration/test.keystore create mode 100644 demos/wstrust/shared-extra-content/standalone/configuration/ws-digest-users.properties create mode 100644 demos/wstrust/shared-extra-content/standalone/configuration/ws-roles.properties create mode 100644 demos/wstrust/shared-extra-content/standalone/configuration/ws-users.properties create mode 100644 demos/wstrust/shared/pom.xml create mode 100644 demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceIface.java create mode 100644 demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/ClientCallbackHandler.java create mode 100644 demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/UsernameTokenCallbackHandler.java create mode 100644 demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/WSTrustAppUtils.java create mode 100644 demos/wstrust/sts/pom.xml create mode 100644 demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/STSCallbackHandler.java create mode 100644 demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/SampleSTS.java create mode 100644 demos/wstrust/sts/src/main/webapp/META-INF/MANIFEST.MF create mode 100644 demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsKeystore.properties create mode 100644 demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsstore.jks create mode 100644 
demos/wstrust/sts/src/main/webapp/WEB-INF/jboss-web.xml create mode 100644 demos/wstrust/sts/src/main/webapp/WEB-INF/permissions.xml create mode 100644 demos/wstrust/sts/src/main/webapp/WEB-INF/web.xml create mode 100644 demos/wstrust/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl create mode 100644 demos/wstrust/test/pom.xml create mode 100644 demos/wstrust/test/src/test/java/org/jboss/jaxws/STSWstrustOpenShiftJarApplication.java create mode 100644 demos/wstrust/test/src/test/java/org/jboss/jaxws/ServiceWstrustOpenShiftJarApplication.java create mode 100644 demos/wstrust/test/src/test/java/org/jboss/jaxws/WstrustOpenShiftJarTest.java create mode 100644 demos/wstrust/test/src/test/resources/META-INF/clientKeystore.properties create mode 100644 demos/wstrust/test/src/test/resources/META-INF/clientstore.jks create mode 100644 demos/wstrust/test/src/test/resources/META-INF/services/org.junit.platform.launcher.TestExecutionListener create mode 100644 demos/wstrust/test/src/test/resources/logback.xml diff --git a/demos/pom.xml b/demos/pom.xml index 4b24e9655..38d34c3cd 100644 --- a/demos/pom.xml +++ b/demos/pom.xml @@ -17,6 +17,7 @@ ws-bootable-jar-example + wstrust diff --git a/demos/wstrust/README.md b/demos/wstrust/README.md new file mode 100644 index 000000000..e256b51d1 --- /dev/null +++ b/demos/wstrust/README.md 
@@ -0,0 +1,149 @@ +Web Service Trust - A 2 Pods WildFly test case +======= + +This module is an example of testing a jaxws application that requires 2 communicating OpenShift pods. +One pod is a Security Token Service (STS). The other is the web service provider. The test itself +is the web service requester. Modules sts and service build a bootable jar that is deployed to OpenShift. + +# Test Overview + +This example is a basic WS-Trust scenario. +The service provider requires a SAML 2.0 token issued from a designed STS to be presented by the +service requester using asymmetric binding. These communication requirements are declared in the +service provider’s WSDL. The STS requires service requester credentials be provided in a WSS +UsernameToken format request using symmetric binding. The STS’s response is provided containing +a SAML 2.0 token. These communication requirements are declared in the STS’s WSDL. + + 1. A service requester contacts the service provider and consumes its WSDL. Upon finding the security token issuer requirement, it creates and configures a STSClient with the information it requires to generate a proper request. + + 2. The STSClient contacts the STS and consumes its WSDL. The security policies are discovered. The STSClient creates and sends an authentication request, with appropriate credentials. + + 3. The STS verifies the credentials. + + 4. In response, the STS issues a security token that provides proof that the service requester has authenticated with the STS. + + 5. The STSClient presents a message with the security token to the service provider. + + 6. The service provider verifies the token was issued by the STS, thus proving the service requester has successfully authenticated with the STS. + + 7. The service provider executes the requested service and returns the results to the service requester. + + +# Example layout + +This example consists of 4 modules and 2 reference directories. 
+ +- modules + * _shared:_ contains class files that are shared among modules, sts, service and test. + + * _sts:_ a mock STS implementation. + + * _service:_ the service implementation. + + * _test:_ the test code. + +- directories + * _shared-cli-scripts:_ contains a Wildfly CLI script and corresponding properties file. The script + configures Wildfly's `standalone.xml` file providing the needed security information. + Modules sts and service are both configured with the same information. + + * _shared-extra-content:_ contains the keystore and property files provided to Wildfly. + + + +# Test Configuration + +In Wildfly a deployable archive named **ROOT** (e.g ROOT.war) has special meaning. +Wildfly automatically deploys an archive with this name into its root directory, +"/", and this forces the application's context-root to be empty. [1] +The format for the url of a webservices application is +~~~~ +http://:// +~~~~ + When the context-root +is not explicitly defined in a `web.xml` or `jboss-web.xml` file in the archive, +the archive's name is used. For example the context-root of a webservice +archive named `MyWebservice.war` in which no context-root has been explicitly +defined would be MyWebservice. The url would be, +~~~~ +http://:/MyWebservice/ +~~~~ + +When a webservice archive is named **ROOT** the application's context-root must be +explicitly defined to be empty so that the url can properly be resolved. This can be achieved +by adding a `jboss-web.xml` file to the archive that contains the following, + + + + + + + +In troubleshooting a webservice's url, +a method to determine the expected url is to startup Wildfly and look for +the following information in the server.log or the terminal window. + +~~~~ + ... 
JBWS024061: Adding service endpoint metadata: id=org.jboss.jaxws.EndpointImpl + address=http://jbossws.undefined.host:8080/EndpointServiceSERVICE + implementor=org.jboss.jaxws.EndpointImpl + serviceName={http://org.jboss.ws/cxf/container}EndpointServiceSERVICE + portName={http://org.jboss.ws/cxf/container}EndpointService + annotationWsdlLocation=null + wsdlLocationOverride=null + mtomEnabled=false +~~~~ + + +The `address` above displays the url information of the service. + +__Note:__ + +Be aware that `wildfly-jar-maven-plugin` by default places any deployed archive +into Wildfly's root directory; the archive does not need to be named ROOT. [2] +This behavior can be changed to use the WAR file name as the context-root +by specifying the `false` element in the plugin's +configuration section. [3] + +The wstrust example demonstrates both context-root scenarios. Module, sts, builds an archive +named `sts-ROOT.war`, that is deployed by the `wildfly-jar-maven-plugin` into Wildfly's +root directory. +The archive name is declared by the `` element in the `maven-war-plugin`. +A `jboss-web.xml` file as described above is provided in the `sts/src/main/webapp/WEB-INF/` +directory. No `` element is declared in the `wildfly-jar-maven-plugin`'s +configuration section to change its default behavior of deploying the archive into +Wildfly's root directory. In `WstrustOpenShiftJarTest` the URL to the STS does not reference +the war filename because an empty context-root is being used. Module, service, builds an +archive named `service-ROOT.war`, that is deployed by the `wildfly-jar-maven-plugin` into Wildfly +but uses the archive name as the service's context-root. The archive name is declared in the +`` element in the `maven-war-plugin`. In the `wildfly-jar-maven-plugin`'s configuration +section, element `` is declared to be *false*. This causes the archive name +to be used as the context-root. In `WstrustOpenShiftJarTest` the URL to the service contain +`service-ROOT`. 
+ +__Mock STS Configuration__ + +The mock STS provider needs to be configured with the service provider's url. +Intersmash uses a fabric8 kubernetes `EvnVar` object to pass the provider's url string from +the test setup code to the sts provider. Class `STSWstrustOpenShiftJarApplication` +provides the information via its `getEnvVars` method. + +__Build and Run__ + +The test can be built and run with the following commands. + +~~~~ + mvn clean install -DskipTests -Pdemo + mvn test -pl demos/wstrust/test -Dtest=WstrustOpenShiftJarTest -Pdemo \ + -Dxtf.test_properties.path=/ABSOLUTE/PATH/TO/test.properties +~~~~ + + +__References__ + +[1] https://www.mastertheboss.com/web/jboss-web-server/how-to-deploy-a-web-application-on-the-root-context-on-jboss-as-7/ + +[2] https://docs.wildfly.org/bootablejar/#wildfly_jar_url_context + +[3] https://docs.wildfly.org/bootablejar/#contextRoot diff --git a/demos/wstrust/pom.xml b/demos/wstrust/pom.xml new file mode 100644 index 000000000..bb95634b1 --- /dev/null +++ b/demos/wstrust/pom.xml 
@@ -0,0 +1,161 @@ + + + 4.0.0 + + org.jboss.intersmash + intersmash-demos + 0.0.1-SNAPSHOT + ../pom.xml + + wstrust-parent + pom + + Intersmash Demos : (Wildfly): Webservices Trust Example (parent) + + + shared + sts + service + test + + + + 6.2.6.Final + 6.2.6.Final + + 2.0.1 + 10.0.0 + + 7.0.0.Final + 4.0.2 + 4.0.4 + 2.4.0-b180830.0359 + + + + + + + org.jboss.resteasy + resteasy-bom + ${version.resteasy-bom} + pom + import + + + org.jboss.resteasy + resteasy-client-api + ${version.resteasy-client-api} + + + jakarta.platform + jakarta.jakartaee-api + ${version.jakarta.jakartaee-api} + provided + + + jakarta.inject + jakarta.inject-api + ${version.jakarta.inject-api} + provided + + + io.fabric8 + generator-annotations + ${version.io.fabric8} + + + io.fabric8 + openshift-client + ${version.openshift-client} + + + org.jboss.ws.cxf + jbossws-cxf-client + ${version.jbossws-cxf} + + + org.jboss.slf4j + slf4j-jboss-logging + + + + + org.jboss.intersmash + wstrust-shared + ${project.version} + + + org.apache.cxf.services.sts + cxf-services-sts-core + ${version.org.apache.cxf} + + + org.springframework + * + + + org.apache.cxf + cxf-rt-ws-security + + + + + org.apache.cxf + cxf-rt-ws-security + ${version.org.apache.cxf} + + + org.ehcache + ehcache + + + + + org.apache.cxf + cxf-core + ${version.org.apache.cxf} + + + org.jboss.ws.cxf + jbossws-cxf-test-utils + ${version.jbossws-cxf} + + + org.apache.cxf + cxf-rt-frontend-jaxws + ${version.org.apache.cxf} + + + javax.xml.bind + jaxb-api + ${version.jaxb-api} + + + org.glassfish.jaxb + jaxb-runtime + ${version.org.glassfish.jaxb} + + + org.glassfish.jaxb + jaxb-core + ${version.org.glassfish.jaxb} + + + + + + + org.jboss.intersmash + intersmash-tools-provisioners + ${project.version} + test + + + org.jboss.intersmash + intersmash-deployments-provider + + + diff --git a/demos/wstrust/service/pom.xml b/demos/wstrust/service/pom.xml new file mode 100644 index 000000000..2090cdeee --- /dev/null +++ b/demos/wstrust/service/pom.xml 
@@ -0,0 +1,162 @@ + + + + + + 4.0.0 + + + org.jboss.intersmash + wstrust-parent + 0.0.1-SNAPSHOT + ../pom.xml + + + wstrust-service + war + + Intersmash Demos : (Wildfly): Webservices Trust Example (service) + + + ${project.parent.parent.parent.basedir}/ide-config + + 3.3.2 + + 10.0.0.Final + + 29.0.1.Final + + + + + org.jboss.ws.cxf + jbossws-cxf-client + + + org.jboss.intersmash + wstrust-shared + + + + + + org.apache.maven.plugins + maven-war-plugin + ${version.maven-war-plugin} + + + %regex[^WEB-INF\/lib\/(?!wstrust-shared-.*\.jar$).*$] + service-ROOT + + ${project.basedir}/src/main/webapp/META-INF/MANIFEST.MF + + + + + process-classes + + war + + + + + + org.wildfly.plugins + wildfly-jar-maven-plugin + ${version.wildfly-jar-maven-plugin} + + + create-bootable-jar-openshift + process-test-sources + + package + + + + + false + ${project.build.finalName}-bootable-openshift.jar + + + + org.wildfly:wildfly-galleon-pack:${version.wildfly.feature-pack} + + + + cloud-server + webservices + + + + ${project.basedir}/../shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties + + + + + + + ${project.basedir}/../shared-extra-content + + + + true + + + + + + + + + org.apache.maven.plugins + maven-install-plugin + + + install-bootable-jar-openshift + generate-test-resources + + install-file + + + ${project.groupId} + ${project.artifactId} + ${project.version} + jar + bootable-openshift + ${project.build.directory}/${project.build.finalName}-bootable-openshift.jar + + + + + + + diff --git a/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.java b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.java new file mode 100644 index 000000000..67580d4ed --- /dev/null +++ b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.java 
@@ -0,0 +1,27 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.jaxws;
+
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
+
+@XmlRootElement(name = "sayHello", namespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "sayHello", namespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+public class SayHello {
+}
diff --git a/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.java b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.java
new file mode 100644
index 000000000..d53be36ea
--- /dev/null
+++ b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.java
@@ -0,0 +1,40 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.jaxws;
+
+import jakarta.xml.bind.annotation.XmlAccessType;
+import jakarta.xml.bind.annotation.XmlAccessorType;
+import jakarta.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlRootElement;
+import jakarta.xml.bind.annotation.XmlType;
+
+@XmlRootElement(name = "sayHelloResponse", namespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "sayHelloResponse", namespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+public class SayHelloResponse {
+
+ @XmlElement(name = "return", namespace = "")
+ private String _return;
+
+ public String getReturn() {
+ return this._return;
+ }
+
+ public void setReturn(String _return) {
+ this._return = _return;
+ }
+
+}
diff --git a/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServerCallbackHandler.java b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServerCallbackHandler.java
new file mode 100644
index 000000000..f154235fb
--- /dev/null
+++ b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServerCallbackHandler.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+public class ServerCallbackHandler extends PasswordCallbackHandler {
+
+ public ServerCallbackHandler() {
+ super(getInitMap());
+ }
+
+ private static Map getInitMap() {
+ Map passwords = new HashMap();
+ passwords.put("myservicekey", "skpass");
+ return passwords;
+ }
+}
diff --git a/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceImpl.java b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceImpl.java
new file mode 100644
index 000000000..886ad080b
--- /dev/null
+++ b/demos/wstrust/service/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceImpl.java
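Review bot: The private-key password for alias `myservicekey` is a string literal in `getInitMap()` of `ServerCallbackHandler`, and the same patch commits `servicestore.jks` together with its store password (`keystore.password=sspass` in `serviceKeystore.properties`), so this key pair has to be treated as public. That is acceptable only as demo material, and nothing in the class says so; a comment such as `// Demo-only: password of the sample key in the bundled servicestore.jks; generate a new keystore and load the password from a secret for any real deployment.` above the `put` call would make that explicit. The diffstat also lists `STSCallbackHandler.java`, `ClientCallbackHandler.java` and the `stsstore.jks` / `clientstore.jks` files with their properties, which presumably follow the same pattern and would need the same label.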
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service;
+
+import jakarta.jws.WebService;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+
+@WebService(portName = "SecurityServicePort", serviceName = "SecurityService", wsdlLocation = "WEB-INF/wsdl/SecurityService.wsdl", targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface")
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "myservicekey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "serviceKeystore.properties"),
+ @EndpointProperty(key = "ws-security.encryption.properties", value = "serviceKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServerCallbackHandler")
+})
+public class ServiceImpl implements ServiceIface {
+ public String sayHello() {
+ return "WS-Trust Hello World!";
+ }
+}
diff --git a/demos/wstrust/service/src/main/webapp/META-INF/MANIFEST.MF b/demos/wstrust/service/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..b21799bc7
--- /dev/null
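Review bot: `ServiceImpl` carries no comment saying where access control comes from, and `sayHello()` implements `ServiceIface` without `@Override`. The method performs no caller check of its own; the SAML-token requirement is presumably enforced only by the policy in the WSDL named by `wsdlLocation`, while the `ws-security.*` endpoint properties just supply key material. A class comment such as `// Authentication is enforced by the WS-SecurityPolicy in WEB-INF/wsdl/SecurityService.wsdl; removing or changing wsdlLocation leaves sayHello() unprotected.` would keep a later edit from silently exposing the operation. Adding `@Override` on `sayHello()` lets the compiler catch a drift from the interface.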
+++ b/demos/wstrust/service/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Dependencies: org.jboss.ws.cxf.jbossws-cxf-client
+jbws-COMMENT: https://jbossws.github.io/documentation/7.0.0.Final/JBossWS-CXF/#advanced-user-guide 5.13.4. A Basic WS-Trust Scenario, MANIFEST.MF
+
diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/classes/serviceKeystore.properties b/demos/wstrust/service/src/main/webapp/WEB-INF/classes/serviceKeystore.properties
new file mode 100644
index 000000000..7657a5f70
--- /dev/null
+++ b/demos/wstrust/service/src/main/webapp/WEB-INF/classes/serviceKeystore.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=sspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
+org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks
+
diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/classes/servicestore.jks b/demos/wstrust/service/src/main/webapp/WEB-INF/classes/servicestore.jks new file mode 100644 index 0000000000000000000000000000000000000000..999ee824c3248c0b89da0336bdc451678795fbc2 GIT binary patch literal 3475 zcmds(XHe728pc!TArz^CN<#1cLugW@t3e=vBmx3bBT_;*fE4K<5m1n(QUyesf*eso z5kwFW=|!XpN19TU4i^sK1&`;9bLQT;b3fkuVQ1%kc4ueb-FKh;?SI+-0s?^`e>Em@ zfVYpg8z}$;0^>e>xY-7xw~$u?PJuwsEg%BA21GzcbD$6~1VZO_GHMTiGcZe2&r!GF zU@(jx1cVo(U;r}%lt{5oB;b_z{JI5Z0{A|ZtvlQIs$MUN{n30y7ulqE@X-q z2_*$c9BM3F2)sSn)18FC6YvN*IfMz8fH;FSL*UG?`b0ef25W-i1-K8V!noiV0z#kU zY47DjCVBXvxPc>wI+P3M=jSJXkb}G4prfl_<;DFPe!Tpr`h7g1=?Zhfr3l$yS})L+eHF_M z%JhTeOLL!tCWCUAm-rH2@T2$Hc~~a^7v$L646RrzwiLZR)vZ)3t^#5@?_j`}=Bw9S z=lCB;OxEd-mTEo7kzUjg$r8Cu;xvUy#Xv`>4QrV9VcE`2N8wR-n#XRAa#o*mVQit1 zWrAk}->8YrdCTny@$lrgJJ7}H7zT1k2wD!V(yO~o7#R1B@Lex!Fpl>%_(kywJmaW^ zYIkgR;Pd7**_R)sZ#v8tC)78=YTM7c;McU%iYqB*>akaLZ+(h<|7^sgDR91Pez6Ef z$Cwj1lW=#MrgouZ&=4wc=F&Q+Ze{hVA-Utg8^9pe179F{`MNlg{`7`1bSDTz4+bLW z_5d~p78wRG9atK|2|lPjx(K>C6epKbA-9>iRQqG}l_$A;kH$|p2}tI(XBl09Y4_u= z^&{yo!txor)V6w{@aksY4HFCRC7Pgp*&Uuncg%B&k)5C{TK#;2f3k{Wq}{hbUteWZ zmfP=URTQWCl+4Ky`p;5ZZ{ze&4O)Qqd2`RyK6bV6-jqzRco>nX(NBOUTANwVT->v` zH9S!;Um5N8wJIUH;<;$2;E3i_$7EAy8vUF~=z0P*mAEU2t+F|Xc;uTmn>`OrV%M=! 
z=j>U1Yjz|jp@b*{e8PNc?QrFN=NQ5Ga4W{F8KMh$n!TX1qlnXuc>VaHL;Gy6~IpSELb%RIX2u(#U(d7f85)+jVuVl%?{a) z4G=fc_WB%G?*p@lJP3-(8glfQzb>p*blc?4wN@h5v6=Alv!PN)5xC=)i+qHM4y^R} zMR&ej0nFFnM1Krq*fgp`-$ODM^}ynp;;hAO3aK?)s-V-2M%a#jg$leRnJe>NFEu?A zAgNM}7EUD24;KcOw-AFeojqU2OFqj7+ptB<%I*hMC~2-TG+R$5={QLzO-$V^+Gpr| zoyct4m=j7T>zz7a=$&Q5+3S)VD7L483{6InFixhCd!wnEPVc7bEPsoB3My9>&%-4s zb2JAz=$@RG&z(I)0bw1eD{XsxqouZG zLfWwJxDpvH;ubDI9>8Z1yza5J@KknheG;@_wTU+HDWoWD zuSd#==o62@zYJdU+92{O70{UZUS!!-*hJzx@~BUQkI7TRRZ1&E5F9H3xMm$MPeLnq zP4oz@_}&2KrRwfK4AW@xisNn6zQV<@Bl;(TZ|WE#8@l&%cT|mfyc_Dz>0QrZ|GY`T zC6wF;#7sD1)d4t>>D5T2qJ2T|=+NVON&4cGVZ@=d{iw>$hZya**m<0gm&iK99j_~o zF3N6jU2&WbJKF!KMXe4ZhWF{)a3(HoM+rzub1GpU$=a2LU=unU>_#k`5?>3eMZd!s zPAr{}{(vhZD6o4~%)lhI6Cp!4bQkL0o%XEFjwvuG4Pod%$|00o!SwUAHtT$h}&Lu!S6FoHMEKxE%2wN2Tru#LNRP!dJ@vNWp@vt*F*G`e8 z_;ZF>TXrRudc4B1gY%A|n{(%t;*f=|(Te@&dlpkz^oO}I)6dM84a+VEL&+-;qXpq# zJ9wL`-Uw4G*sN>EgPSBuy4Gui1e*s+l((L=Vs>qR6S=E2(3mT1MYc(B80~a; zIe&4mZSA8UJ6K+`9o-v@D4t-o78N&(NlJH;JYnOPT;6sTuW|EtdaLYY4}V$w*U`id zEk1Wfz0jr^RYivJcNf=@Uwe<$XBP@KOchJ`RHMU>Nqx7+KOu=u?!XVF4nT?X2P8=v za##QDQvt%8{v9Nlko*vq6fZXv$AP7Oha^VbtCug^yHikVfa;;b!iD;QNaiF51pW_8 zM&P_CzAjEAum6&n_yOKOn2G&6GySpHcWx2}5I=Jh*AMU4{?Q-K`I(>4Xa&We`00E2 z|B~i^LMtjx%*5zuytn!0NMEIb<>mlrg+|9(bE`GcYK1?YT{R;p{3D)8t4C@qJA0ZK zQ%(zl+j%aL5z{wvIItVc$qMkKySu)n4OP?1TTS!L{j!DK#fdvQ1%f#6V zk?r1|J03W(K|&VM!0*4#)rh?r_Ri(%xO7)JI4tB?R!r2>nEr5VLYbzj_*P{1H=nhJ zI^w@VE6>@8jmNnhJt`lPu-l6z%Y7z})_;2i-_eRtbgz8U>XB_180Ps<^lXIxC28}f zm0w{Wa_OzwLsu9xcMCZlI`8k9FuHj&&6K^3j~lHqcZpSL+uX^N)6!7RbIR`@COj}* zD`RKbmwgw!3@tojGP6n!DWan-f6(KGtgI}CxFBt1_fYK|yqWCgf}J$U;mi7q73Pr{ zPMBo<>u$KQtfi*}h36@CXQ%oANUudP(Wl#IKay>s=4oomu}-^(Yfj!G{=U^ZZ;@0U zfI+Or3B}JZ5fE^aqU-Mwg0V?i5gTNhWkL8GXW*C1sRf8N + + + + + + + diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/permissions.xml b/demos/wstrust/service/src/main/webapp/WEB-INF/permissions.xml new file mode 100644 index 000000000..f7a72826d --- /dev/null 
+++ b/demos/wstrust/service/src/main/webapp/WEB-INF/permissions.xml @@ -0,0 +1,41 @@ + + + + + java.lang.RuntimePermission + getClassLoader + + + java.util.PropertyPermission + user.dir + read + + + java.util.PropertyPermission + jboss.bind.address + read + + + java.lang.RuntimePermission + createClassLoader + + + java.lang.RuntimePermission + org.apache.cxf.permission + resolveUri + + + + java.net.SocketPermission + * + connect,resolve + + + java.io.FilePermission + <<ALL FILES>> + read + + diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService.wsdl b/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService.wsdl new file mode 100644 index 000000000..e3f76e7c8 --- /dev/null +++ b/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService.wsdl @@ -0,0 +1,164 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + http://@jboss.bind.address@:@add_int(port-offset.cxf-tests.jboss,8080)@/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService + + stsns:SecurityTokenService + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService_schema1.xsd b/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService_schema1.xsd new file mode 100644 index 000000000..dadc87a0f --- /dev/null +++ b/demos/wstrust/service/src/main/webapp/WEB-INF/wsdl/SecurityService_schema1.xsd @@ -0,0 +1,18 @@ + + + + + + + + + + + + + + + + + + diff --git a/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties b/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties new file mode 100644 index 000000000..a8737a3be 
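Review bot: The last two grants in `permissions.xml`, `java.net.SocketPermission` on `*` with `connect,resolve` and `java.io.FilePermission` on `<<ALL FILES>>` with `read`, allow the deployment to open connections to any host and to read every file the server process can read. If the deployment is ever run with the security manager enabled, these two wildcards make the rest of the list ineffective as a restriction. Narrow the socket grant to the STS host and the file grant to the keystore and properties resources the endpoint actually loads, or add an XML comment stating that the wildcards are a test-only shortcut. The diffstat shows a `permissions.xml` of the same size under `sts/`, which likely needs the same treatment.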
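Review bot: The issuer address in `SecurityService.wsdl`, `http://@jboss.bind.address@:@add_int(port-offset.cxf-tests.jboss,8080)@/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService`, still carries build-time filter tokens and a context path that appear to come from the testsuite this file was copied from. Nothing visible in this patch substitutes those tokens, and the README states that the STS is deployed with an empty context-root, so a client that follows the WSDL's issuer address rather than an explicitly configured STS location would not reach the STS. Either replace it with the address the demo uses, or add an XML comment next to it saying that the test sets the STS location in code and that this value is ignored. The scheme is also plain `http`, so the UsernameToken exchange depends on message-level protection alone; that deserves a sentence in the README.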
--- /dev/null
+++ b/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties
@@ -0,0 +1,5 @@
+#Mon, 23 Oct 2023 10:54:34 -0400
+
+usersPropFile=digest-jbossws-users.properties
+rolesPropFile=digest-jbossws-roles.properties
+keystorePath=test.keystore
diff --git a/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron.cli b/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron.cli
new file mode 100644
index 000000000..a3fef5b72
--- /dev/null
+++ b/demos/wstrust/shared-cli-scripts/jbws-testsuite-default-elytron.cli
@@ -0,0 +1,133 @@ + +##embed-server --std-out=echo --server-config=jbws-testsuite-default.xml + + +## jbws-testsuite-default-elytron-CLI.properties contents +##set testResourcesDir=${testResourcesDir} +set usersPropFile=${usersPropFile} +set rolesPropFile=${rolesPropFile} +set keystorePath=${keystorePath} + + +## must build configuration elements from the bottom up +## 1. realm +## 2. security domain +## 3. ejb3 ref and undertow ref +## 4. misc ref + +##----- JBossWS domain config --------- +# 1. +echo JBossWS domain config +./subsystem=elytron/properties-realm=JBossWS \ + :add(users-properties={relative-to=jboss.server.config.dir, path=ejb-digest-jbossws-users.properties, plain-text=true}, \ + groups-properties={relative-to=jboss.server.config.dir, path=digest-jbossws-roles.properties}) +# 2. +./subsystem=elytron/security-domain=JBossWS \ + :add(default-realm=JBossWS, permission-mapper=default-permission-mapper, \ + realms=[{realm=JBossWS,role-decoder=groups-to-roles}]) +# 3. +./subsystem=elytron/http-authentication-factory=JBossWS \ + :add(security-domain=JBossWS, http-server-mechanism-factory=global, \ + mechanism-configurations=[{mechanism-name=BASIC, \ + mechanism-realm-configurations=[{realm-name=JBossWS}] }]) +# 4. +./subsystem=ejb3/application-security-domain=JBossWS:add(security-domain=JBossWS) +./subsystem=undertow/application-security-domain=JBossWS \ + :add(http-authentication-factory=JBossWS) + +##----- ws-basic-domain domain config --------- +echo ws-basic-domain domain config +# 1. +./subsystem=elytron/properties-realm=ws-basic-domain \ + :add(users-properties={relative-to=jboss.server.config.dir, path=ws-users.properties, plain-text=true}, \ + groups-properties={relative-to=jboss.server.config.dir, path=ws-roles.properties}) +# 2. +./subsystem=elytron/security-domain=ws-basic-domain \ + :add(default-realm=ws-basic-domain, permission-mapper=default-permission-mapper, \ + realms=[{realm=ws-basic-domain,role-decoder=groups-to-roles}]) +# 3. 
+./subsystem=elytron/http-authentication-factory=ws-basic-domain \ + :add(security-domain=ws-basic-domain, http-server-mechanism-factory=global, \ + mechanism-configurations=[{mechanism-name=BASIC, \ + mechanism-realm-configurations=[{realm-name=ws-basic-domain}] }]) +# 4. +./subsystem=ejb3/application-security-domain=ws-basic-domain \ + :add(security-domain=ws-basic-domain) +./subsystem=undertow/application-security-domain=ws-basic-domain \ + :add(http-authentication-factory=ws-basic-domain) + + +##----- ws-digest-domain domain config --------- +echo ws-digest-domain domain config +# 1. +./subsystem=elytron/properties-realm=ws-digest-domain \ + :add(users-properties={relative-to=jboss.server.config.dir, path=ws-digest-users.properties}, \ + groups-properties={relative-to=jboss.server.config.dir, path=ws-roles.properties}) +# 2. +./subsystem=elytron/security-domain=ws-digest-domain \ + :add(default-realm=ws-digest-domain, permission-mapper=default-permission-mapper, \ + realms=[{realm=ws-digest-domain,role-decoder=groups-to-roles}]) +# 3. +./subsystem=elytron/http-authentication-factory=ws-digest-domain \ + :add(security-domain=ws-digest-domain, http-server-mechanism-factory=global, \ + mechanism-configurations=[{mechanism-name=DIGEST, \ + mechanism-realm-configurations=[{realm-name=ws-digest-domain}] }]) +# 4. +./subsystem=undertow/application-security-domain=ws-digest-domain \ + :add(http-authentication-factory=ws-digest-domain) + +##----- JBossWSDigest domain config --------- +echo JBossWSDigest domain config +# 1. +./subsystem=elytron/properties-realm=JAASJBossWSDigestRealm \ + :add(users-properties={relative-to=jboss.server.config.dir, path=digest-jbossws-users.properties, plain-text=true}, \ + groups-properties={relative-to=jboss.server.config.dir, path=digest-jbossws-roles.properties}) +# 2. 
+./subsystem=elytron/security-domain=JBossWSDigest \ + :add(default-realm=JAASJBossWSDigestRealm, permission-mapper=default-permission-mapper, \ + realms=[{realm=JAASJBossWSDigestRealm,role-decoder=groups-to-roles}]) +# 3. +./subsystem=elytron/http-authentication-factory=JBossWSDigest \ + :add(security-domain=JBossWSDigest, http-server-mechanism-factory=global, \ + mechanism-configurations=[{mechanism-name=BASIC, \ + mechanism-realm-configurations=[{realm-name=JAASJBossWSDigestRealm}] }]) +# 4. +./subsystem=undertow/application-security-domain=JBossWSDigest \ + :add(http-authentication-factory=JBossWSDigest) + + +##----- JAASJBossWS domain config --------- +echo JAASJBossWS domain config +# 1. +./subsystem=elytron/properties-realm=JAASJBossWSRealm \ + :add(users-properties={relative-to=jboss.server.config.dir, path=$usersPropFile, plain-text=true}, \ + groups-properties={relative-to=jboss.server.config.dir, path=$rolesPropFile}) +# 2. +./subsystem=elytron/security-domain=JAASJBossWS \ + :add(default-realm=JAASJBossWSRealm, permission-mapper=default-permission-mapper, \ + realms=[{realm=JAASJBossWSRealm,role-decoder=groups-to-roles}]) +# 3. +./subsystem=elytron/http-authentication-factory=JAASJBossWS \ + :add(security-domain=JAASJBossWS, http-server-mechanism-factory=global, \ + mechanism-configurations=[{mechanism-name=BASIC, \ + mechanism-realm-configurations=[{realm-name=JAASJBossWSRealm}] }]) +# 4. 
+./subsystem=undertow/application-security-domain=JAASJBossWS \ + :add(http-authentication-factory=JAASJBossWS) + + +##----- alter elytron/tls/key-stores/key-store settings ----- +echo key-store conf +./subsystem=elytron/key-store=applicationKS/ \ + :write-attribute(name=credential-reference, value=clear-text=password) +./subsystem=elytron/key-store=applicationKS \ + :write-attribute(name=path, value=$keystorePath) +./subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to, value=jboss.server.config.dir) + +##----- alter elytron/tls/key-managers/key-manager settings ----- +./subsystem=elytron/key-manager=applicationKM \ + :write-attribute(name=credential-reference, value=clear-text=password) +./subsystem=elytron/key-manager=applicationKM \ + :write-attribute(name=alias-filter, value=jboss) + +## stop-embedded-server diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-roles.properties b/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-roles.properties new file mode 100644 index 000000000..b37a12bbc --- /dev/null +++ b/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-roles.properties @@ -0,0 +1,2 @@ +# A sample roles.properties file for use with the UsersRolesLoginModule +kermit=friend diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-users.properties b/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-users.properties new file mode 100644 index 000000000..0770449b7 --- /dev/null +++ b/demos/wstrust/shared-extra-content/standalone/configuration/digest-jbossws-users.properties @@ -0,0 +1,4 @@ +# A sample users.properties file for use with the UsersRolesLoginModule +#Elytron requires this +#$REALM_NAME=JAASJBossWSDigestRealm$ This line is used by the add-user utility to identify the realm name already used in this file. +kermit=therealfrog 
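Review bot: The key-store `applicationKS` and the key-manager `applicationKM` both get `credential-reference` set to `clear-text=password`, and four of the five properties realms are added with `plain-text=true`, so every secret this script configures is a committed literal. The same holds for the files it points at and for the rest of the patch: the `*-users.properties` hunks that follow (`kermit=therealfrog`, `jbossws=jbossws`), `ClientCallbackHandler`, `STSCallbackHandler.getInitMap()` and `stsKeystore.properties` next to the committed `stsstore.jks`. For a demo that is acceptable only when it is stated, so I would add `## DEMO ONLY: literal test credentials and keystore; use a credential-store alias and freshly generated keys anywhere else` above the key-store section, with a matching line in the README. Separately, the `JBossWSDigest` authentication factory is configured with `mechanism-name=BASIC`; please confirm that is intended, since BASIC sends the password with every request and depends on TLS in front of it.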
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/ejb-digest-jbossws-users.properties b/demos/wstrust/shared-extra-content/standalone/configuration/ejb-digest-jbossws-users.properties
new file mode 100644
index 000000000..ac5ee5d89
--- /dev/null
+++ b/demos/wstrust/shared-extra-content/standalone/configuration/ejb-digest-jbossws-users.properties
@@ -0,0 +1,4 @@
+# A sample users.properties file for use with the UsersRolesLoginModule
+#Elytron requires this
+#$REALM_NAME=JBossWS$ This line is used by the add-user utility to identify the realm name already used in this file.
+kermit=therealfrog
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/test.keystore b/demos/wstrust/shared-extra-content/standalone/configuration/test.keystore new file mode 100644 index 0000000000000000000000000000000000000000..43f9fb19998d5461bedce10d5424a4eacf8a9614 GIT binary patch literal 2694 zcma);dpHx08ppTU#zqH{=Y8JK_x-+qexDc55@msaLU@*_IuxeLIl);) z0EK~REKxZyOBDSJ@4>Sm`Tr$B9)VeqlwUaESKWi|`i~1P3IwIGAjZF-A>Qq`1A@TY zzjEGz=E!0m5LtFBJBb2ii*4z5T)z}CS=D7`9gj?N7~UidQZ~AwN~z==?6!Ac z+ip(j$(UAVH|KUM^TX^ZZoVBR@_GBn55U%^7GQS{rJQKlo|hadB%ALjePHh=+Z3{+ zX-)e0QEAGM2IG%KWCHv{|_KP(p&?*v-KpSL1$BOMUC#&UC5v3>Gr}j$w z7Cp>_W}*Kh< zS6;7!ZQK^UGb$>0!Q5E&m~Khc!^&>)x7zQ=IqqYKtc*!FTplNWJvQc#(EX7+J!arK z2m3Hk`wddw%Vu1=sAyBd@_N>)cWT3bzP1^w(a=OYhtTp;-pVdOVVf@E27jKe;A~2` zS5hWCE9E4JT3^Lfn4d$HJHjsR*g*)rnYOT?JI(UDX+xtUu_5KV5T?Y4dr7MS%jP_b zdr8i%nF>X1jw?%3x)&}0CI%R#gavoq&a>J#4?YS`jTM|(eCo(5z2 z@$oJ1tPzz|acT2eq)?-sJ$54R%g7xs)s1&O`XZ4+x!js+Hn!|2r4?sw*w4Aj#&6g>S+40j<$QY`R;wkvWYUY&RB**S08YVmON7wbA3tZu2bNa z)9K^Jy*Zh&-^RN_RR^A6c!HH?rDBa4cF$g}s+>@X>m$XArq6xNjYl?JqRxd^Z@Wer z_QV=YmS`!6K6eS2v>K1i^e8YU&nbJ!NSP3L!AFq#4U#~CzgLF5vDWiFb?G;-p7J#T z>T}xwnpmt>u$U8fH8FQOcF#&b|JAqo1fW=MkJXTlMbEWo$ntQM_%MlR7bQlU7pWrT zq`Q`|Pxt1i#QY(m#{XCc0jA8zlo|_K0h+3g#~i?!-&@61*SM4x&(NV*ny_8lH?Hn5h~H?Wm%CjqjI zkNM*OcT6rDB7-U~?{{plV>Twox1e()WZCvJBW`E&F}t&bR{;!dXN>2jC);uTV~IX? 
zr)JiV8mI6eMycqUCnVtOwFNmlLqZ=r5lfWX-77taIvVwoaN^ zC@dCNNeGC8zPUyA8H&M!(r%zbBE=iG_{KY$-z@o#C5778qWn(pbUprvP^udS_v*U`b_ z58+whOTU+dp=m6z?Jr~n0s?+D>fZ|Re}(irkedr3BV_fp&DcJ*>jfs$ib+!cPe{Y< zFZq~gmprRK%~^cqK)1Zb5^5*zyzkZP45Tol1Xm_PKHF%2|I;~GkH?mwyq592<9{O> zTYNBfP5c?E>`6rmPY1YpzE@?XbGg2%aokp)OQ{&n5FllfgR+lMBFXOZ5k7Ng-( z1{o^Dk>@1*>%G^(JP)5c)RsgS3L0*{k28B^Dx78nsT3I|;_c!bnDyVs?-D&UyL zvz{B}ZqabXa*;7JQ?TW5pzC8b0h5u{SL_ox9wuCgP4I9qbCz9qL&iTR<7kWMCBJnO z-C<~y1ELB1NSN#^hQ34&dL59jeEGaNBY9w4K0Mg{CMmks-c@IteW0*bV4Ii}fr*9f zS&&OP^%fshZg{paE<;~9llstX9zkwtl`ZBH&FKT)MkYUY35d4wB&%&_wrxv zYAC2xWuED-&Yu8_bWS&QNpQ^3AA&$ck!jhz1Nu!cHR{wkJ;BPgcVf5kBU*LBLkG|0D>sb!~ns zV-bhFjF>SGkhSDFzeW^V>^A8r35xn(OW-&YqzOFCMG(7rH^<~$gtMA`g zE;`|nsOILT_zg+(pB6ZNw|T~A>+c)xhEKIYPO?9+?M`i7Ex~$@3GDKctG1Ii3IpkL z#Xj_wbsf?h!>fBe4po|Uk2G%j=6W)C0fRB@<@hjx&yN#J4H^#LmrZ2O))}MKGm`t5 zWdqk$HxpxuC^N^o3g-K@M`tQsYsR<4LByH z!eYE7UJH--{hNV+5CB*qSmWg@e5>{pl0-Eff4P=O?;G85O+Xn{F6-^*3-!5zQIuGC ZpwL~HPeEkTBVFdrz#9sVdjE=)e*(ZA#oGV? literal 0 HcmV?d00001 diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/ws-digest-users.properties b/demos/wstrust/shared-extra-content/standalone/configuration/ws-digest-users.properties new file mode 100644 index 000000000..c3284a233 --- /dev/null +++ b/demos/wstrust/shared-extra-content/standalone/configuration/ws-digest-users.properties @@ -0,0 +1,2 @@ +#$REALM_NAME=ws-digest-domain$ This line is used by the add-user utility to identify the realm name already used in this file. +jbossws=148f15e82b7877e306261fff94a6ee16 diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/ws-roles.properties b/demos/wstrust/shared-extra-content/standalone/configuration/ws-roles.properties new file mode 100644 index 000000000..d692fb619 --- /dev/null +++ b/demos/wstrust/shared-extra-content/standalone/configuration/ws-roles.properties @@ -0,0 +1 @@ +jbossws=guest 
diff --git a/demos/wstrust/shared-extra-content/standalone/configuration/ws-users.properties b/demos/wstrust/shared-extra-content/standalone/configuration/ws-users.properties new file mode 100644 index 000000000..5af6e013c --- /dev/null +++ b/demos/wstrust/shared-extra-content/standalone/configuration/ws-users.properties @@ -0,0 +1,2 @@ +#$REALM_NAME=ws-basic-domain$ This line is used by the add-user utility to identify the realm name already used in this file. +jbossws=jbossws diff --git a/demos/wstrust/shared/pom.xml b/demos/wstrust/shared/pom.xml new file mode 100644 index 000000000..655d1e44e --- /dev/null +++ b/demos/wstrust/shared/pom.xml @@ -0,0 +1,51 @@ + + + + + + 4.0.0 + + + org.jboss.intersmash + wstrust-parent + 0.0.1-SNAPSHOT + ../pom.xml + + + wstrust-shared + + Intersmash Demos : (Wildfly): Webservices Trust Example (shared) + + + ${project.parent.parent.parent.basedir}/ide-config + + + + + org.jboss.ws.cxf + jbossws-cxf-client + + + diff --git a/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceIface.java b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceIface.java new file mode 100644 index 000000000..1c4dcebe1 --- /dev/null +++ b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/service/ServiceIface.java 
@@ -0,0 +1,25 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service;
+
+import jakarta.jws.WebMethod;
+import jakarta.jws.WebService;
+
+@WebService(targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
+public interface ServiceIface {
+ @WebMethod
+ String sayHello();
+}
diff --git a/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/ClientCallbackHandler.java b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/ClientCallbackHandler.java
new file mode 100644
index 000000000..f5f1aabad
--- /dev/null
+++ b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/ClientCallbackHandler.java
@@ -0,0 +1,46 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class ClientCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ }
+ }
+ }
+ }
+}
diff --git a/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/UsernameTokenCallbackHandler.java b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/UsernameTokenCallbackHandler.java
new file mode 100644
index 000000000..7e7160d7f
--- /dev/null
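Review bot: Each branch of `handle` ends in `break`, which leaves the `for` loop, so if more than one callback is passed the entries after the first match are never given a password, and a callback that is not a `WSPasswordCallback` is skipped silently. `UsernameTokenCallbackHandler` in this same patch throws for callbacks it does not recognise; doing the same here makes a misconfigured alias fail in the handler rather than later in signature or decryption code. I would drop the three `break;` lines (the `else if` chain is already exclusive) and add `} else { throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback"); }` after the `instanceof` block, plus `@Override` on `handle`.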
+++ b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/UsernameTokenCallbackHandler.java 
@@ -0,0 +1,169 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSSerializer;
+
+/**
+ * This implementation obtains a username and password via the jaxws property
+ * "ws-security.username" and "ws-security.password" respectively, as defined
+ * in SecurityConstants. It creates a wss UsernameToken to be used as the
+ * delegation token.
+ */
+
+public class UsernameTokenCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof DelegationCallback) {
+ DelegationCallback callback = (DelegationCallback) callbacks[i];
+ Message message = callback.getCurrentMessage();
+
+ String username = (String) message.getContextualProperty(SecurityConstants.USERNAME);
+ String password = (String) message.getContextualProperty(SecurityConstants.PASSWORD);
+ if (username != null) {
+ Node contentNode = message.getContent(Node.class);
+ Document doc = null;
+ if (contentNode != null) {
+ doc = contentNode.getOwnerDocument();
+ } else {
+ doc = DOMUtils.createDocument();
+ }
+ UsernameToken usernameToken = createWSSEUsernameToken(username, password, doc);
+ callback.setToken(usernameToken.getElement());
+ }
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+ /**
+ * Provide UsernameToken as a string.
+ * @param ctx
+ * @return user token
+ */
+ public String getUsernameTokenString(Map ctx) {
+ Document doc = DOMUtils.createDocument();
+ String result = null;
+ String username = (String) ctx.get(SecurityConstants.USERNAME);
+ String password = (String) ctx.get(SecurityConstants.PASSWORD);
+ if (username != null) {
+ UsernameToken usernameToken = createWSSEUsernameToken(username, password, doc);
+ result = toString(usernameToken.getElement().getFirstChild().getParentNode());
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param username
+ * @param password
+ * @return user token
+ */
+ public String getUsernameTokenString(String username, String password) {
+ Document doc = DOMUtils.createDocument();
+ String result = null;
+ if (username != null) {
+ UsernameToken usernameToken = createWSSEUsernameToken(username, password, doc);
+ result = toString(usernameToken.getElement().getFirstChild().getParentNode());
+ }
+ return result;
+ }
+
+ /**
+ * Provide UsernameToken as a DOM Element.
+ * @param ctx
+ * @return user token as element
+ */
+ public Element getUsernameTokenElement(Map ctx) {
+ Document doc = DOMUtils.createDocument();
+ Element result = null;
+ UsernameToken usernameToken = null;
+ String username = (String) ctx.get(SecurityConstants.USERNAME);
+ String password = (String) ctx.get(SecurityConstants.PASSWORD);
+ if (username != null) {
+ usernameToken = createWSSEUsernameToken(username, password, doc);
+ result = usernameToken.getElement();
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param username
+ * @param password
+ * @return user token as element
+ */
+ public Element getUsernameTokenElement(String username, String password) {
+ Document doc = DOMUtils.createDocument();
+ Element result = null;
+ UsernameToken usernameToken = null;
+ if (username != null) {
+ usernameToken = createWSSEUsernameToken(username, password, doc);
+ result = usernameToken.getElement();
+ }
+ return result;
+ }
+
+ private UsernameToken createWSSEUsernameToken(String username, String password, Document doc) {
+
+ UsernameToken usernameToken = new UsernameToken(true, doc,
+ (password == null) ? null : WSConstants.PASSWORD_TEXT);
+ usernameToken.setName(username);
+ usernameToken.addWSUNamespace();
+ usernameToken.addWSSENamespace();
+ usernameToken.setID("id-" + username);
+
+ if (password != null) {
+ usernameToken.setPassword(password);
+ }
+
+ return usernameToken;
+ }
+
+ private String toString(Node node) {
+ String str = null;
+
+ if (node != null) {
+ DOMImplementationLS lsImpl = (DOMImplementationLS) node.getOwnerDocument().getImplementation().getFeature("LS",
+ "3.0");
+ LSSerializer serializer = lsImpl.createLSSerializer();
+ serializer.getDomConfig().setParameter("xml-declaration", false); //by default its true, so set it to false to get String without xml-declaration
+ str = serializer.writeToString(node);
+ }
+ return str;
+ }
+
+}
diff --git a/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/WSTrustAppUtils.java b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/WSTrustAppUtils.java
new file mode 100644
index 000000000..183405d84
--- /dev/null
+++ b/demos/wstrust/shared/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/shared/WSTrustAppUtils.java
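Review bot: `createWSSEUsernameToken` builds the token with `WSConstants.PASSWORD_TEXT`, so the element returned by `getUsernameTokenElement` and the XML returned by `getUsernameTokenString` carry the password in clear, and none of the Javadoc blocks says so. I would state it in the class comment, e.g. `The token carries the password as PasswordText; send it only over a protected channel and never log the serialized form.` Two smaller points in the same hunk: `setID("id-" + username)` puts caller input into what is presumably an XML ID attribute, so a username containing characters not allowed there (a space, `@`) may produce a token that fails validation, and a generated id would avoid that. `toString` also dereferences the result of `getFeature("LS", "3.0")` without a null check.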
@@ -0,0 +1,48 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+public class WSTrustAppUtils {
+
+ public static String getServerHost() {
+ final String host = System.getProperty("jboss.bind.address", "localhost");
+ return toIPv6URLFormat(host);
+ }
+
+ private static String toIPv6URLFormat(final String host) {
+ try {
+ if (host.startsWith("[") || host.startsWith(":")) {
+ if (System.getProperty("java.net.preferIPv4Stack") == null) {
+ throw new IllegalStateException(
+ "always provide java.net.preferIPv4Stack JVM property when using IPv6 address format");
+ }
+ if (System.getProperty("java.net.preferIPv6Addresses") == null) {
+ throw new IllegalStateException(
+ "always provide java.net.preferIPv6Addresses JVM property when using IPv6 address format");
+ }
+ }
+ final boolean isIPv6Address = InetAddress.getByName(host) instanceof Inet6Address;
+ final boolean isIPv6Formatted = isIPv6Address && host.startsWith("[");
+ return isIPv6Address && !isIPv6Formatted ? "[" + host + "]" : host;
+ } catch (final UnknownHostException e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
diff --git a/demos/wstrust/sts/pom.xml b/demos/wstrust/sts/pom.xml
new file mode 100644
index 000000000..713656faf
--- /dev/null
+++ b/demos/wstrust/sts/pom.xml
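Review bot: `toIPv6URLFormat` decides whether to add brackets from `InetAddress.getByName(host) instanceof Inet6Address`, which is true for a host name that resolves to an IPv6 address as well as for a literal, so the default `localhost` may come back as `[localhost]` when the JVM prefers IPv6 addresses, and that is not a valid URL host. The call also performs a name lookup only to format a string. Bracketing literals only avoids both: `return host.contains(":") && !host.startsWith("[") ? "[" + host + "]" : host;`. The class holds only static methods, so `final` on the class and a private constructor would match how it is used.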
@@ -0,0 +1,163 @@ + + + + + + 4.0.0 + + + org.jboss.intersmash + wstrust-parent + 0.0.1-SNAPSHOT + ../pom.xml + + + wstrust-sts + war + + Intersmash Demos : (Wildfly): Webservices Trust Example (sts) + + + ${project.parent.parent.parent.basedir}/ide-config + + 3.3.2 + + 10.0.0.Final + + 29.0.1.Final + + + + + org.jboss.intersmash + wstrust-shared + + + org.jboss.ws.cxf + jbossws-cxf-client + + + org.apache.cxf.services.sts + cxf-services-sts-core + + + + + + org.apache.maven.plugins + maven-war-plugin + ${version.maven-war-plugin} + + + %regex[^WEB-INF\/lib\/(?!wstrust-shared-.*\.jar$).*$] + sts-ROOT + + ${project.basedir}/src/main/webapp/META-INF/MANIFEST.MF + + + + + process-classes + + war + + + + + + org.wildfly.plugins + wildfly-jar-maven-plugin + ${version.wildfly-jar-maven-plugin} + + + create-bootable-jar-openshift + process-test-sources + + package + + + + ${project.build.finalName}-bootable-openshift.jar + + + org.wildfly:wildfly-galleon-pack:${version.wildfly.feature-pack} + + + + cloud-server + webservices + + + + ${project.basedir}/../shared-cli-scripts/jbws-testsuite-default-elytron-CLI.properties + + + + + + + ${project.basedir}/../shared-extra-content + + + + true + + + + + + + + + org.apache.maven.plugins + maven-install-plugin + + + install-bootable-jar-openshift + generate-test-resources + + install-file + + + ${project.groupId} + ${project.artifactId} + ${project.version} + jar + bootable-openshift + ${project.build.directory}/${project.build.finalName}-bootable-openshift.jar + + + + + + + diff --git a/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/STSCallbackHandler.java b/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/STSCallbackHandler.java new file mode 100644 index 000000000..667b48a4e --- /dev/null +++ b/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/STSCallbackHandler.java 
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.wsf.stack.cxf.extensions.security.PasswordCallbackHandler;
+
+public class STSCallbackHandler extends PasswordCallbackHandler {
+ public STSCallbackHandler() {
+ super(getInitMap());
+ }
+
+ private static Map getInitMap() {
+ Map passwords = new HashMap();
+ passwords.put("mystskey", "stskpass");
+ passwords.put("alice", "clarinet");
+ return passwords;
+ }
+}
diff --git a/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/SampleSTS.java b/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/SampleSTS.java
new file mode 100644
index 000000000..ed415af63
--- /dev/null
+++ b/demos/wstrust/sts/src/main/java/org/jboss/test/ws/jaxws/samples/wsse/policy/trust/sts/SampleSTS.java
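Review bot: `getInitMap` uses the raw types `Map` and `HashMap`, so the alias-to-password table is not type-checked and `super(getInitMap())` compiles with an unchecked warning. Declaring it as `private static Map<String, String> getInitMap()` with `new HashMap<>()` fixes that; I am assuming `PasswordCallbackHandler` accepts a `Map<String, String>`, which this patch does not show. A one-line comment saying that `mystskey` is presumably the signing-key alias in `stsstore.jks` and `alice` the demo user would tell readers which entry protects what.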
@@ -0,0 +1,69 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
+
+import jakarta.xml.ws.WebServiceProvider;
+
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.operation.TokenIssueOperation;
+import org.apache.cxf.sts.operation.TokenValidateOperation;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
+import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
+
+@WebServiceProvider(serviceName = "SecurityTokenService", portName = "UT_Port", targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/", wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts.STSCallbackHandler"),
+ @EndpointProperty(key = "ws-security.validate.token", value = "false")
+})
+public class SampleSTS extends SecurityTokenServiceProvider {
+ public SampleSTS() throws Exception {
+ super();
+
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(STSCallbackHandler.class.getName());
+ props.setIssuer("DoubleItSTSIssuer");
+
+ List services = new LinkedList();
+ StaticService service = new StaticService();
+ service.setEndpoints(Arrays.asList(System.getenv("SERVICE_ENDPOINT_URL")));
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.setServices(services);
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ issueOperation.setStsProperties(props);
+
+ TokenValidateOperation validateOperation = new TokenValidateOperation();
+ validateOperation.getTokenValidators().add(new SAMLTokenValidator());
+ validateOperation.setStsProperties(props);
+
+ this.setIssueOperation(issueOperation);
+ this.setValidateOperation(validateOperation);
+ }
+}
diff --git a/demos/wstrust/sts/src/main/webapp/META-INF/MANIFEST.MF b/demos/wstrust/sts/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..fc0d5e7a1
--- /dev/null
+++ b/demos/wstrust/sts/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Dependencies: org.jboss.ws.cxf.jbossws-cxf-client,org.jboss.ws.cxf.sts annotations
+
diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsKeystore.properties b/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsKeystore.properties
new file mode 100644
index 000000000..ee49463fc
--- /dev/null
+++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsKeystore.properties
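Review bot: The endpoint property `ws-security.validate.token` is set to `false` without a comment, and in CXF that switches off the password check on a received UsernameToken; the patch does configure Elytron security domains, but nothing in this hunk shows which one authenticates callers of the STS, so the annotation needs a comment naming it before anyone copies this class. In the constructor, `System.getenv("SERVICE_ENDPOINT_URL")` goes straight into `Arrays.asList`, so an unset variable yields a list holding `null` and the failure surfaces later and less clearly; `Objects.requireNonNull(System.getenv("SERVICE_ENDPOINT_URL"), "SERVICE_ENDPOINT_URL must be set")` (with `import java.util.Objects;`) fails at deployment with a readable message. As far as I know `StaticService` treats each endpoint as a regular expression, so the value should be the exact, escaped service URL rather than a pattern that matches more services than intended. `List services = new LinkedList();` is a raw type; `List<ServiceMBean> services = new LinkedList<>();` uses the import that is already there.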
@@ -0,0 +1,27 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# The properties in this file represent WSS4J's Crypto implementation which is
+# loaded and configured via a Java properties file that contains Crypto
+# configuration data. The file contains implementation-specific properties.
+# This application is using Merlin, an implementation of Crypto.
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+
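Review bot: `org.apache.ws.security.crypto.merlin.keystore.password=stsspass` ships the keystore password in the WAR next to `stsstore.jks`, which this commit also adds, so anyone with the repository or the image can open the keystore that presumably holds the `mystskey` signing entry used by SampleSTS. That is workable for a demo only if it is stated, so add a comment above the property such as `# Demo-only keystore and password: generate fresh keys and supply the password from a secret before using this outside the test`. The same applies to `keystore.password=cspass` in clientKeystore.properties later in this patch.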
diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsstore.jks b/demos/wstrust/sts/src/main/webapp/WEB-INF/classes/stsstore.jks new file mode 100644 index 0000000000000000000000000000000000000000..4ba33e40ef53ee81f1233d0bf89a9f837c168992 GIT binary patch literal 5570 zcmds)XH-+$)`k-jI-vzfAP6C$2m&Udi4>&^N1DI^MM~&3bOk}AS1BS@K&li0ks`f| zA}F9BAVn#Hbm^kfzJQ!_y^iyZGtR$z?~gt9m~*YM$C`7m_gU}SU*2B^001P!2TXi` z018JhH+MICOD|%e^?q>J1^^%hU;@Cq7+Nx_Q)ECeP=JI12qXo71Hf~qKGcsa2UP_1 z|E99SoR+WH2x~lv3XWJJpoH~+3boJ6Wdsi}%`BoO_{2C-8EV?dgt|erA*rVs%Xcw= zX%{+TYOG(IAR9}zz#7-t=5p1^lTN}@Vr+fxD0?3Qm`HJD%l$H|Y z{c_D!$(p_bRbp`o%sbs;~YvCuAU+{*Y*vp1pWzpL+TTvGJ zH7-!QeY=?`(zAxWM##Wr1fgP~9J-gME z&~f00HfEw2?e5r0TiKaom1l@JbvcfvW&CyBkQGyB?L3K4YlbKD(HW?6lpUSlLHcxbjh}|Vb zOK1aRDC_#8U=YK?tEj_3Fttsbq>!_+_H&qc|7sWwi@l@~Gq~L@}cTSS=aR2UlyQ1yn zuV-|@7wn~m2!rS~uWe(KezVKVacXlM1P^Hl^4)vLcsI*Kn=<)6wvevnCHH|y)3?E> zgs;jB9!m(E{KSh&g%hrZ;Mm_jldSfB6ba;7x$$=8`Ku<)QhGcHmr{A5QVJkoIqX#_ zaduBlZ<+N4`~Ln8cj{svd}xFuZ}|I^*HfJ>zM_n~k7EXe+}kDwq@gAy!Mwg60tONq zM#BkyqA?Uon;3XEFbZur9FU)qHn|E~ECmAN1?rc1jfaF=C1@i}bO>9QgtxFi4Aj^*Gsw-#FX(J9yt-bI&l)@VbyQjjH#G*Z=o9a*e z_%cuHGVW7`G)SIvZum;O_WpC9-=xmB0a6(;MWqy1i*N(3eeV8IVK!gBR=Mc7an4!o z&pPKD<_4I-WDk=8p%!-4Hp$~xd{j+&_M|zA?xjSGtLLV`1vae>Z&>Ds?+WD&+%KY_ z4~Q9x=H)(Hro$$q-CgUsNLCLlUDVUL1`nvTzc5Kf?bb5ZfCKVcJ%~eCZWlwf?&P&Ji#ME5leTR4SP3YiRWRL%=kjPCGK{ErMQtwxAyK>$ zMs;!bl7EfS)}p?Lz(lAiC)LUPxKDkCy<35vD^vWtpdcus@w%=#9b zo6jc0h;$%Gcho6@N~T|ydugWNDfnBVKxGm^DoA`nE3X~E^@#yLnq2DOJfi*}Yvn=a`D?8#J&NmBhA-)@QkPG}#l3E0JJ@#*gR4db&z+y#eA=?+B}yrs1%eq4 z^t*}oomg$tS1?suSxw9Tz!yprSV@Zb{8{oo^+~V`(DlJHyN_Ja)3@zHw(ml;T}35| zD|88Tx2~uhk&)CuSPUZx0D!hJ0iX>`0Lf@3hy+MN0=7RLyoZ61Q3`}y2-$`Jfz(7` z`WIrUF_dH=Jun%RL{A6HfT24KD4-PTcvmk6Ji!9Xh@n4BkwYov@eb~`j!v$YSbhxO zVU7xl)WJJCJ6IxhbajwILP!lwU8J(+C8X9RO+`HgT~$pDEDMI|a4IzvqNE6KJ67`bGa9A!)l}r>iYp zum@FHL2GMY20rvQ*Y;$*(XtTHl6WdA^Om;^kbPr5b6MSZPVkWj>_cZJ=Xu}Js5gzw z<$_@`g!vpuCCz0@{o0T?CNnP2{+9a~oo@w3)@nXnBp@IFn8StP#GD}Rk`uIG7BG{1 
z^D7O~TemLE!XL1io!xUP(UCOzxrxO6Ol%?$z|Sz{Xrvq6j1BN@L~6_I@puI`*HDEz zO=sUVo}crX^2wxJf!(Qxi|o@e(~M(mxyCwE&qWy0#w+Zd*-kcu=IPyI8S+|w=5fPr z9-hrN)u=dHaxOblU`ZOCj*hWp&<62`gGNGHH&h4xGOXKKA;AgH#v(@3Y`88}K#&6}PNad~K+RLXu_Nxg3b7F61*9(_&8Mbrk8%4%?? zH=@_O@>z;t)1*M8*{8zT=633amnyb88|PCBtDP=MMcC}#o(&wV7$LNKFZ3)d6;Ol8 zGrebG6Q`@r{$5NZC7ZJGCWCx+?Yf%dt0SL8L-a?MuGehME&uRHW48_ff3N{8M6^o$ zL_RPav*Dx~Q|&Lk#Q3-We{9gOypFu=F%Uethf*7bpz!XIwy!OFn=6KAiJ2Hbg{l zqCa8dDEwb3^Y4ffqQ#?eku};)|I0{UHSY440l-=nn5ORbi#vvE@OyM;Qhod>Lc@4`IWMOCOT}|d+U@yw&98|u5mY+Ljn(= zligh!>9mSU{woi{XqT-~=PK6gSy-a=7z~wW6jagZ&{|#Z68W&;SqXFwIeov>v(b+q z>HKr%4(v*!yk%g!lNCC09WeaPaed9Z$!wTNd<{aiaK5KVSCr@ZhrWet*r_QkgTn z+kw3Y?i;O*dVfU}=T8A!MOpN(CEmwrep@PD?b9&7`ilyVh@xANR6b?+(4+@Q?VQW4 z65weppx?gsnEHJdso~38YvgIW`SiKg`+FMX_HGn2rJd1HqjmbW5fWWrzNZPDlNQgh zc+fwro2|W3N=LOX`1a;1D4$VdX5G=Z09>{DUV({ZZEeZdmdiwN5BrjyC5=uW(Oq?N z*h+EfiGEiW&U662rv??8cIs1J2b0R?N?*g9e9i1UwNLZ*oK za(5zNB`{(?SR#DP5;=2sIXC3bMEPf)YT z!Qya#g#Wn<|2xq?>hH7QR_Xq}uvdF0^{bYQXQRD0JU_)~r!4VoiHHE-AmS2PgjNDu zV&uYFu_=>SSoe}f4O&5(iU0lJ+!tmlH5>KZ82%AhlB>1yOs`!f&L7YC^6N^3@;oBG zszJW7>W15R&5FHNv(J!GOS1Gu-hv(AUlPKU8Gr<(D=NO4UqXqqG`ynb3O%K zqnKXZvshVSb>Q79&=lY(O|bTMajK>Qx$D_&7V` zFjsAc2Fppep$^(SE>K;*uLyMRcF|wUdq)bVycFJ^qc`FI^jzaD^ug$hf8qX|M zc&v=GZkx;YUx_}*Wks<@1kA2yx~*kT_pMnUQKa+BPCXL6)r`nRv^;tKSfawhQv@>Q zp!ex!;5}nBU21uJ$a*YCc!wC6Rdg8629SF&Sn|2=>ZZ-+`Z8>4CWi)=#_LO|yWoSu zUaRTXMLKp%1hqI*LYsRR5^H?FOLDq(KHTzd_LCXhu!1S5MDpaC{3hej=;))2 ztB%TNmFO5Vvv~hlpyXki%oVZR(+3NTtK5K&jT!uTAv=k@iydF$pas>7Yd2y6FBN*b zriVmmp*2a9Z|%cVY*!al!Yg=4CJHcg@OxqkOb&anPq3(n;PP!}Oyj#Z8sDso9}7#J zPL}z;9w{Ca%4wIaKUSE^yrRI4x*h8p@UH%2TQctU)DO`+di_xRA1-3#<(of64~7w4 z1e7THonz6TAw%)}(n^ef?Z1ouUpI_DUBt00$)OMpTf8;i6^~TLJ2<#u1u+6Y^p8H) zzrqoG{-Jw-VVDoU0)o;WivCA6N9F;E;rQ7+F#H%g|F0Q8TL+vZ?vM+A-Z&1!|LWTQ z4jomLN@GJJ+dkNGr>4vm?@NB1a2Au<#IPCTkk<=z6t`(2e@%jQZbAoa8MmF4Fv+#Q_%Iwm#@9LI# zH}d;0L~8)P*O&q(YFG^jONo}O0`UneM%gwolRbNx6=LMGFYedeQHN9pO_P5Ox&4sM 
zz)m)cJ)8Lh1t~RUJ-+Os`t^EWPX8EA(IIrZ_ZR`^tx+q-#a2=|_8;v*>kk$67zRxiGrJT)cjsuF;J1!8? z4>(yVkMrD8WdLBA_PKHCu9o*c`?lXabKYI(0ItIFAC)AQ+q20;w3M9QoW9xne;=5O A6aWAK literal 0 HcmV?d00001 diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/jboss-web.xml b/demos/wstrust/sts/src/main/webapp/WEB-INF/jboss-web.xml new file mode 100644 index 000000000..159229a8c --- /dev/null +++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/jboss-web.xml @@ -0,0 +1,5 @@ + + + + + diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/permissions.xml b/demos/wstrust/sts/src/main/webapp/WEB-INF/permissions.xml new file mode 100644 index 000000000..f7a72826d --- /dev/null +++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/permissions.xml @@ -0,0 +1,41 @@ + + + + + java.lang.RuntimePermission + getClassLoader + + + java.util.PropertyPermission + user.dir + read + + + java.util.PropertyPermission + jboss.bind.address + read + + + java.lang.RuntimePermission + createClassLoader + + + java.lang.RuntimePermission + org.apache.cxf.permission + resolveUri + + + + java.net.SocketPermission + * + connect,resolve + + + java.io.FilePermission + <<ALL FILES>> + read + + diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/web.xml b/demos/wstrust/sts/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 000000000..0f43a1fc8 --- /dev/null +++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,15 @@ + + + + + TestSecurityTokenService + org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts.SampleSTS + + + TestSecurityTokenService + /SecurityTokenService/* + + diff --git a/demos/wstrust/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl b/demos/wstrust/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl new file mode 100644 index 000000000..393c16bfe --- /dev/null +++ b/demos/wstrust/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl 
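Review bot: In sts/.../WEB-INF/permissions.xml the deployment is granted `java.io.FilePermission` with `read` on the ALL FILES target and `java.net.SocketPermission` on `*` with `connect,resolve`, which is much wider than an STS that reads one keystore and is called by one service appears to need. The markup is stripped in this view, so the grouping of the entries is inferred from their order. If the permissions are only there to get the demo running under a security manager, narrow `FilePermission` to the keystore and properties locations and `SocketPermission` to the service host, or add an XML comment stating that the broad grants are demo-only. `java.lang.RuntimePermission` `createClassLoader` deserves the same justification.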
@@ -0,0 +1,312 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/demos/wstrust/test/pom.xml b/demos/wstrust/test/pom.xml new file mode 100644 index 000000000..30aa7afb0 --- /dev/null +++ b/demos/wstrust/test/pom.xml @@ -0,0 +1,110 @@ + + + + + + 4.0.0 + + + org.jboss.intersmash + wstrust-parent + 0.0.1-SNAPSHOT + ../pom.xml + + + wstrust-test + Intersmash Demos : (Wildfly): Webservices Trust Example (test) + + + + ${project.parent.parent.parent.basedir}/ide-config + + + + + + org.jboss.intersmash + wstrust-shared + + + org.jboss.ws.cxf + jbossws-cxf-client + + + org.apache.cxf.services.sts + cxf-services-sts-core + + + org.apache.cxf + cxf-rt-ws-security + + + org.apache.cxf + cxf-core + + + org.glassfish.jaxb + jaxb-runtime + test + + + org.glassfish.jaxb + jaxb-core + test + + + javax.xml.bind + jaxb-api + + + org.jboss.ws.cxf + jbossws-cxf-test-utils + + + org.apache.cxf + cxf-rt-frontend-jaxws + test + + + + + + + org.apache.maven.plugins + maven-surefire-plugin + + + ${client.jvm.jpms.args} + + false + false + + + + + diff --git a/demos/wstrust/test/src/test/java/org/jboss/jaxws/STSWstrustOpenShiftJarApplication.java b/demos/wstrust/test/src/test/java/org/jboss/jaxws/STSWstrustOpenShiftJarApplication.java new file mode 100644 index 000000000..6da56be72 --- /dev/null +++ b/demos/wstrust/test/src/test/java/org/jboss/jaxws/STSWstrustOpenShiftJarApplication.java 
@@ -0,0 +1,107 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.jaxws;
+
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.maven.settings.building.SettingsBuildingException;
+import org.eclipse.aether.resolution.ArtifactResolutionException;
+import org.jboss.intersmash.deployments.util.maven.ArtifactProvider;
+import org.jboss.intersmash.tools.application.openshift.BootableJarOpenShiftApplication;
+import org.jboss.intersmash.tools.application.openshift.input.BinarySource;
+
+import cz.xtf.builder.builders.SecretBuilder;
+import cz.xtf.builder.builders.secret.SecretType;
+import io.fabric8.kubernetes.api.model.EnvVar;
+import io.fabric8.kubernetes.api.model.EnvVarBuilder;
+import io.fabric8.kubernetes.api.model.Secret;
+
+public class STSWstrustOpenShiftJarApplication implements BootableJarOpenShiftApplication {
+ private String GROUPID = "org.jboss.intersmash";
+ private String ARTIFACTID = "wstrust-sts";
+ private String VERSION = "0.0.1-SNAPSHOT";
+ static final String BOOTABLE_JAR_ARTIFACT_PACKAGING = "jar";
+ static final String ARTIFACT_CLASSIFIER = "bootable-openshift";
+
+ static final EnvVar TEST_ENV_VAR = new EnvVarBuilder().withName("test-evn-key").withValue("test-evn-value").build();
+ static final String TEST_SECRET_FOO = "foo";
+ static final String TEST_SECRET_BAR = "bar";
+ static final Secret TEST_SECRET = new SecretBuilder("test-secret")
+ .setType(SecretType.OPAQUE).addData(TEST_SECRET_FOO, TEST_SECRET_BAR.getBytes()).build();
+
+ @Override
+ public BinarySource getBuildInput() {
+ Path file = null;
+ try {
+ file = ArtifactProvider.resolveArtifact(
+ GROUPID,
+ ARTIFACTID,
+ VERSION,
+ BOOTABLE_JAR_ARTIFACT_PACKAGING,
+ ARTIFACT_CLASSIFIER).toPath();
+ } catch (SettingsBuildingException | ArtifactResolutionException e) {
+ throw new RuntimeException("Can not get artifact", e);
+ }
+ return new BinarySourceImpl(file);
+ }
+
+ @Override
+ public List getSecrets() {
+ List secrets = new ArrayList<>();
+ // a secrete is not required for this app to run
+ return Collections.unmodifiableList(secrets);
+ }
+
+ @Override
+ public List getEnvVars() {
+ // The mock STS requires the URL of the service. This information
+ // is collected during test startup configuration and made available
+ // to STS on class creation.
+ List list = new ArrayList<>();
+ list.add(new EnvVarBuilder().withName(TEST_ENV_VAR.getName())
+ .withValue(TEST_ENV_VAR.getValue()).build());
+ list.add(new EnvVarBuilder().withName("SERVICE_ENDPOINT_URL")
+ .withValue(
+ String.format("http://%s/service-ROOT/SecurityService",
+ cz.xtf.core.openshift.OpenShifts.master()
+ .generateHostname(ServiceWstrustOpenShiftJarApplication.ARTIFACTID)))
+ .build());
+ return Collections.unmodifiableList(list);
+ }
+
+ @Override
+ public String getName() {
+ return ARTIFACTID;
+ }
+
+ // todo remove local class impl once intersmash issue #85 is resolved
+ class BinarySourceImpl implements BinarySource {
+ Path f;
+
+ public BinarySourceImpl(Path f) {
+ this.f = f;
+ }
+
+ public Path getArchive() {
+ return f;
+ }
+ }
+
+}
diff --git a/demos/wstrust/test/src/test/java/org/jboss/jaxws/ServiceWstrustOpenShiftJarApplication.java b/demos/wstrust/test/src/test/java/org/jboss/jaxws/ServiceWstrustOpenShiftJarApplication.java
new file mode 100644
index 000000000..79380a5e5
--- /dev/null
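Review bot: `GROUPID`, `ARTIFACTID` and `VERSION` in STSWstrustOpenShiftJarApplication are declared `private String`, i.e. mutable per-instance fields spelled like constants; declare them `private static final String`, as `BOOTABLE_JAR_ARTIFACT_PACKAGING` beside them already is. ServiceWstrustOpenShiftJarApplication in the next file repeats the pattern for `GROUPID` and `VERSION`. In both classes `TEST_SECRET_BAR.getBytes()` relies on the platform default charset, and `getBytes(StandardCharsets.UTF_8)` would make the secret bytes deterministic. `getSecrets()` builds a list only to return it empty, so `return Collections.emptyList();` states the intent directly.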
+++ b/demos/wstrust/test/src/test/java/org/jboss/jaxws/ServiceWstrustOpenShiftJarApplication.java 
@@ -0,0 +1,98 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.jaxws;
+
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.maven.settings.building.SettingsBuildingException;
+import org.eclipse.aether.resolution.ArtifactResolutionException;
+import org.jboss.intersmash.deployments.util.maven.ArtifactProvider;
+import org.jboss.intersmash.tools.application.openshift.BootableJarOpenShiftApplication;
+import org.jboss.intersmash.tools.application.openshift.input.BinarySource;
+
+import cz.xtf.builder.builders.SecretBuilder;
+import cz.xtf.builder.builders.secret.SecretType;
+import io.fabric8.kubernetes.api.model.EnvVar;
+import io.fabric8.kubernetes.api.model.EnvVarBuilder;
+import io.fabric8.kubernetes.api.model.Secret;
+
+public class ServiceWstrustOpenShiftJarApplication implements BootableJarOpenShiftApplication {
+ private String GROUPID = "org.jboss.intersmash";
+ static final String ARTIFACTID = "wstrust-service";
+ private String VERSION = "0.0.1-SNAPSHOT";
+ static final String BOOTABLE_JAR_ARTIFACT_PACKAGING = "jar";
+ static final String ARTIFACT_CLASSIFIER = "bootable-openshift";
+
+ static final EnvVar TEST_ENV_VAR = new EnvVarBuilder().withName("test-evn-key").withValue("test-evn-value").build();
+ static final String TEST_SECRET_FOO = "foo";
+ static final String TEST_SECRET_BAR = "bar";
+ static final Secret TEST_SECRET = new SecretBuilder("test-secret")
+ .setType(SecretType.OPAQUE).addData(TEST_SECRET_FOO, TEST_SECRET_BAR.getBytes()).build();
+
+ @Override
+ public BinarySource getBuildInput() {
+ Path file = null;
+ try {
+ file = ArtifactProvider.resolveArtifact(
+ GROUPID,
+ ARTIFACTID,
+ VERSION,
+ BOOTABLE_JAR_ARTIFACT_PACKAGING,
+ ARTIFACT_CLASSIFIER).toPath();
+ } catch (SettingsBuildingException | ArtifactResolutionException e) {
+ throw new RuntimeException("Can not get artifact", e);
+ }
+ return new BinarySourceImpl(file);
+ }
+
+ @Override
+ public List getSecrets() {
+ List secrets = new ArrayList<>();
+ // a secrete is not required for this app to run
+ return Collections.unmodifiableList(secrets);
+ }
+
+ @Override
+ public List getEnvVars() {
+ List list = new ArrayList<>();
+ list.add(new EnvVarBuilder().withName(TEST_ENV_VAR.getName())
+ .withValue(TEST_ENV_VAR.getValue()).build());
+ return Collections.unmodifiableList(list);
+ }
+
+ @Override
+ public String getName() {
+ return ARTIFACTID;
+ }
+
+ // todo remove local class impl once intersmash issue #85 is resolved
+ class BinarySourceImpl implements BinarySource {
+ Path f;
+
+ public BinarySourceImpl(Path f) {
+ this.f = f;
+ }
+
+ public Path getArchive() {
+ return f;
+ }
+ }
+
+}
diff --git a/demos/wstrust/test/src/test/java/org/jboss/jaxws/WstrustOpenShiftJarTest.java b/demos/wstrust/test/src/test/java/org/jboss/jaxws/WstrustOpenShiftJarTest.java
new file mode 100644
index 000000000..08cb9e13c
--- /dev/null
+++ b/demos/wstrust/test/src/test/java/org/jboss/jaxws/WstrustOpenShiftJarTest.java
@@ -0,0 +1,117 @@
+/**
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.jaxws;
+
+import jakarta.xml.ws.BindingProvider;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.assertj.core.api.Assertions;
+import org.jboss.intersmash.tools.annotations.Intersmash;
+import org.jboss.intersmash.tools.annotations.Service;
+import org.jboss.intersmash.tools.annotations.ServiceUrl;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.service.ServiceIface;
+import org.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared.ClientCallbackHandler;
+import org.jboss.wsf.test.CryptoCheckHelper;
+import org.junit.jupiter.api.Test;
+
+@Intersmash({
+ @Service(ServiceWstrustOpenShiftJarApplication.class),
+ @Service(STSWstrustOpenShiftJarApplication.class)
+})
+public class WstrustOpenShiftJarTest {
+
+ @ServiceUrl(STSWstrustOpenShiftJarApplication.class)
+ private String stsOpenShiftUrl;
+
+ @ServiceUrl(ServiceWstrustOpenShiftJarApplication.class)
+ private String serviceOpenShiftUrl;
+
+ @Test
+ public void test() throws Exception {
+
+ Bus bus = BusFactory.newInstance().createBus();
+ try {
+ BusFactory.setThreadDefaultBus(bus);
+
+ final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
+ "SecurityService");
+ // service specified during the build to use the archive's name as the service's context-root
+ final URL wsdlURL = new URL(serviceOpenShiftUrl + "/service-ROOT/SecurityService?wsdl");
+ jakarta.xml.ws.Service service = jakarta.xml.ws.Service.create(wsdlURL, serviceName);
+ ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
+
+ final QName stsServiceName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService");
+ final QName stsPortName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port");
+ // sts uses the wildfly-jar-maven-plugin's default behavior of deploying the archinve
+ // into Wildfly's root directory, hence no context-root is to be specified in the url.
+ URL stsURL = new URL(stsOpenShiftUrl + "/SecurityTokenService?wsdl");
+ setupWsseAndSTSClient(proxy, bus, stsURL.toString(), stsServiceName, stsPortName);
+
+ try {
+ Assertions.assertThat(proxy.sayHello()).isEqualTo("WS-Trust Hello World!");
+ } catch (Exception e) {
+ throw CryptoCheckHelper.checkAndWrapException(e);
+ }
+ } finally {
+ bus.shutdown(true);
+ }
+ }
+
+ private void setupWsseAndSTSClient(ServiceIface proxy, Bus bus, String stsWsdlLocation, QName stsService, QName stsPort) {
+ Map ctx = ((BindingProvider) proxy).getRequestContext();
+ setServiceContextAttributes(ctx);
+ ctx.put(SecurityConstants.STS_CLIENT, createSTSClient(bus, stsWsdlLocation, stsService, stsPort));
+ }
+
+ private void setServiceContextAttributes(Map ctx) {
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+ }
+
+ private static STSClient createSTSClient(Bus bus, String stsWsdlLocation, QName stsService, QName stsPort) {
+ STSClient stsClient = new STSClient(bus);
+ if (stsWsdlLocation != null) {
+ stsClient.setWsdlLocation(stsWsdlLocation);
+ stsClient.setServiceQName(stsService);
+ stsClient.setEndpointQName(stsPort);
+ }
+ Map props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "alice");
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+ return stsClient;
+ }
+}
diff --git a/demos/wstrust/test/src/test/resources/META-INF/clientKeystore.properties b/demos/wstrust/test/src/test/resources/META-INF/clientKeystore.properties
new file mode 100644
index 000000000..424320ac3
--- /dev/null
+++ b/demos/wstrust/test/src/test/resources/META-INF/clientKeystore.properties
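Review bot: `test()` in WstrustOpenShiftJarTest asserts only the success path (`proxy.sayHello()` returning the greeting), so it would still pass if the STS accepted any password for `alice`. Since SampleSTS in this patch sets `ws-security.validate.token` to `false`, add a second test that configures the STS client with a wrong password or an unknown user and asserts that `sayHello()` throws. ClientCallbackHandler is outside this hunk, so the bad credential would probably need a test-local callback handler. The four `getResource("META-INF/clientKeystore.properties")` lookups also return `null` silently when the resource is missing; resolve the URL once and wrap it in `Objects.requireNonNull(..., "clientKeystore.properties")` so a packaging mistake fails with a clear message.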
@@ -0,0 +1,28 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# The properties in this file represent WSS4J's Crypto implementation which is
+# loaded and configured via a Java properties file that contains Crypto
+# configuration data. The file contains implementation-specific properties.
+# This application is using Merlin, an implementation of Crypto.
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=src/test/resources/META-INF/clientstore.jks
+
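Review bot: `org.apache.ws.security.crypto.merlin.keystore.file=src/test/resources/META-INF/clientstore.jks` is a path relative to the working directory, so the client keystore resolves only when the tests start from the `test` module directory, whereas stsKeystore.properties uses a bare `stsstore.jks`. Since clientstore.jks is added under `src/test/resources/META-INF/`, `org.apache.ws.security.crypto.merlin.keystore.file=META-INF/clientstore.jks` should load it from the test classpath wherever Maven is invoked. That relies on Merlin trying the classloader before the file system, so it is worth confirming with a run from the parent module.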
diff --git a/demos/wstrust/test/src/test/resources/META-INF/clientstore.jks b/demos/wstrust/test/src/test/resources/META-INF/clientstore.jks new file mode 100644 index 0000000000000000000000000000000000000000..5c48cb437d9cd1bae09dfb5b9f20f43aee7afc89 GIT binary patch literal 5571 zcmds*c{r49`^RS(`!X12Y%#_bS?(ExEZIHEGPaQH`!aSSvJ8=(l3gKdQjuNOq@*Zh zr?O;8X{-_XAw6$z$MZX$-#_l-KF;&L?)$jU^SHjB>w8__KYjlM0)dG3FUaAY z5*J`)<74IRViy1cfiKos^R|LWj71~>X%L9`HGn663E+vUbBT$-L_`qoM%-P1hLl1u z@{h<(8ZelO1O$YoqNxB1Qes00DU8TaA58;L9R%bsh>oL^I~uw_em^9Gk*Zh)__({F zB>{ixIJL#{nD&8Vnl1prrvZakRwA z^9UL-0FA-?4F7X~91lkQ+GH>Zh!_usf&e_2k_Zn5gYNbB+488r++N(RPtN*^mGf_M z31lwLF#A@Kda7JZkbjU(k2D5*gEcjFk#N_NQR3>$CG9$HWm!gniNW~|CdxC8S_O#$ zqlh#w2esK==PFE?6+`#eyI@;_hRj;iW!Kwyz_witLHy48 z3|+Tt8TQOn2$C{o{^aD%L%6Pm4DLFWoZ6m`RS)g=0^07x3cBULpd7dzHLm#wuqVH>(P)8PQIu^*?X~;w>qXIla5?tOvG)$_=jCBb3!+c?&Gg%DFb-g48gz@x?5XPsgoo zCmslv-^rFcFHs=6x5)5?2lRAx)=ELxS+Yp;>Bco!N$p3%r6f?da_{q*Au(E5UE2Er zm*@kuYObKO1*ImR1M10JZ%1sZTY52AFmc!i#A~K@sa@#AhCnKUb zo%4;xOS71kmDy2oNnZHj#_9HSOx)C==E-pZ-abc)$4-18i~pD6H}@64y07@LBgMOj zUfKPvk3d-Izbl>|fF1~w97e8X0X9O4yK0yqlI*|H)4F^I;vjWV2B8dVFr`pde96dXL09pc#22P?SF_L1K zeF$IoMY7!bMw3G=J4^hSPudv``jD3Nh2v3sRJa-5+lUHd+5pE}XqIzCmjc zq^{g9Z$NlU9c7gJO#XHAh54YVpj?V&L~(r)ae0>Q=_%d?Z{b}|CZ@t}Ye>A}nLs*zHj|+h5*e4bs#<-ch=}`b zS_yutp5l%)SuDmfGI-GsLWF=44!a4!zIK)ug}A4~8LH-Md3 zILGoQ8z8~}9wM;M2l^v696!TY|64DCu#W$a4cc}WktXh5E@(P{_6Hltlzi>&tz6yF zrvRxRWI!L0;a4+&^>X)fvbFR2hp1o%;6G3SJw(NivJP>90+7Gr0(Mlg!qNSwcle17 zF)@tzFW5K?|5wWVJEBBld9^iJ61H@PHuKAKIs=K?k!E;RxDz} zg3CDFn$wR*nE9qgCPu2Xdj$^3e_p-1!!~DxEdC;(ng_PfXVu+Zp#ZavJlycQc9|(M zd=K{i<#X*ES{2o><-)79pBzx9AFedQ;R%NHrmC~b8r{JUNpjyNqwAM> zGB!PV+TilA4oS37@7BVxz_;smTqQN&!Osf~yiZ5G^I$K`Q%_zF4Q9`YzETn0AEuLZ zUrvf|GrV`tXSJ=#@UMvC@d3YHmPhwWa^jlK*3#WCecCn`epA6AQ4C7bDyK~ESoDCY zJPLT!@&4w5MjeC)R1E0PHyQv?GBGP9Eo;5p^RnenUE}uW{kR%<_0yj6?EBIVsYO&)v zehEQ9G0F=%;9EuK&0p)AHR$E>i1J`v?~Kpu0<8B^??G+_F1?}6rYOvr#%P9~V~xKt zTGib7aJfuU+kb5bO*K{*}X0R-Ew^q6SJmCb;XLB>7r?hHfNl0AWX$m 
zD1S@BK(mxBPb6q(K1<_X3tSJKo7R>2X5cbZ^lWur;hXuD^I}((Ddj#$(3@>o=N78p+INTc#Ni4Tyzp zKi1d@R_4u`PNj&3ZVZFlq9T`I35`H$p2kXbowtO@i-25iwRV>t!KS3{;oRNhF^ztl z{7kUIIdeCuK%Vb(7qpYvTgjt!cw7tWcvw4;FIw~L^go^T#Bhw9B%AJ0OL3gC9}P)h zQp1r;Ly7Q~Y?7M%pG}@cCNGL=sIt0P56gZRHCxAPVvZw>qK8(-&P+cV4XB`UcWy$FS$XP16SP`22f31!xPEEk}E^RaL9Sop1> zP42{4yWyQx4DG01LkMS}mBKWd_HLh|U|(e?y1Z!vU&iXh=88OE2nwS~hu1fR1hq5gO?K+;u|}jI zLSJSfS#zS~VrPg3K*RlXm8SvRJIbwkbHdJwYf_TPaxtbOXYEXJbsy0i14O3z;5=lK z{XH^lTrYChR7?(kkG$%`4V|mliy0(z3&n7Ss5QoFPvgm+wNK?DjZX+I;(^a16N#$J ze2UeP)5UX$&h~JVjyodp@QO(2{Phm{^6TzJeSGM>g55VTnc}l$NkgHt5L4p|!zvo= z_3$FZU4>q$Z23ZSOL=w=(ifvyucVVy3e#`D>RTIPNWSdqr!y67NcMOMinl&JkbCJ^ zBL{oZg_8?JH9mn}TAkNqsGdMg86>pdYT+U2`6YKR!9^&!mK??-2 z4@B7hw(HxGwUQ!5@&2}`0AcliYpsrsNXTF`+D=vuR$f*}H7i$FZ?q5~_`_gv9~ms= zLn!}4ON9WKepo8n155RT>xYgC32^-CsOWz@Qux=1f7^yhV-C(@{@jKgg#XpG{hf)b zp->$k659+ySGqUnE(hv`ax%j$=2EZL`HHZhCN*%(rmPw$bW=^O{x07(btV<}xWx(?|Hxv6g}vH+ko2ofAe7erY*#VogQ8Fyk`t zy1(V!3vp=KulNTRl{+`{!=>Wy@6{{%gs}8@THMc*fJCBLGvYm0xWs+$pA@=|x=X?s z_K90b`vp|_v*JaY2(gZ)^7}mN#3`W{WC=x2s~?uS?|!gy9c#K;)XJwW$~+g#J%gez z>A9O=e}-%N0^z3dwSE;F9@1`CJO+X@z)rs__F9EsQME0{(zM;?fEbmp@P=WN~U2IYZG z0%3~@+Mw+^OVGPI7Gt-iR67>IlpD)t`HqS2dvTB~=GO<1zgs4X8(f+-xWCdF>w>`%Lq@6&+u3?2)%6d(x0h zV&r9f6?kMSK;R19({E*;w@w6ociQs5J^V)~8_vSD`CF&1iA}( + + + + + + ${console-log-level:-INFO} + + + [%d] %-5p- %m%n + + + + 300 + + + + + log/test.log + false + + DEBUG + + + [%d] %-5level [%thread]: %message%n + + + + 300 + + + + + log/everything.log + false + + [%d] %-5p- %m%n + + + + 300 + + + + + + + + + + + + + + + + + +