Beispiel #1
  /**
   * Round-trips an echo call in which the client attaches an unsigned SAML assertion (supplied by
   * {@code SAML1CallbackHandler}) and the service processes it with the streaming WSS4J
   * in-interceptor.
   *
   * <p>Test-only configuration: the token is sent with {@code SAML_TOKEN_UNSIGNED} and
   * subject-confirmation validation is switched off on the receiving side, so the checks that
   * would tie the assertion to its sender are not exercised here. An endpoint handling real
   * traffic would normally keep that validation on.
   *
   * @throws Exception if service or client setup fails
   */
  @Test
  public void testSaml1() throws Exception {
    // Service side: streaming WS-Security processing, subject-confirmation checks disabled.
    Service service = createService();

    WSSSecurityProperties inboundSecurity = new WSSSecurityProperties();
    inboundSecurity.setValidateSamlSubjectConfirmation(false);
    WSS4JStaxInInterceptor staxInbound = new WSS4JStaxInInterceptor(inboundSecurity);
    service.getInInterceptors().add(staxInbound);

    // Client side: message logging in both directions. The logging interceptors record the SOAP
    // messages they see, which can include the security header.
    Echo echo = createClientProxy();

    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    // Outbound WS-Security: attach the assertion without signing it.
    Map<String, Object> outboundConfig = new HashMap<String, Object>();
    outboundConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
    outboundConfig.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());

    WSS4JOutInterceptor samlOutbound = new WSS4JOutInterceptor(outboundConfig);
    client.getOutInterceptors().add(samlOutbound);

    assertEquals("test", echo.echo("test"));
  }
Beispiel #2
  /**
   * Round-trips an echo call in which the client sends a signed SAML token (assertion supplied by
   * {@code SAML1CallbackHandler}) and the service verifies the signature with the streaming WSS4J
   * in-interceptor.
   *
   * <p>Unlike the unsigned variant, subject-confirmation validation is left at its default on the
   * receiving side; only the signature-verification crypto is configured.
   *
   * @throws Exception if crypto properties cannot be loaded or setup fails
   */
  @Test
  public void testSaml1SignedSenderVouches() throws Exception {
    // Service side: verify signatures against the crypto described in insecurity.properties.
    Service service = createService();

    WSSSecurityProperties inboundSecurity = new WSSSecurityProperties();
    Properties verificationCrypto =
        CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
    inboundSecurity.setSignatureVerificationCryptoProperties(verificationCrypto);
    WSS4JStaxInInterceptor staxInbound = new WSS4JStaxInInterceptor(inboundSecurity);
    service.getInInterceptors().add(staxInbound);

    // Client side: message logging in both directions. The logging interceptors record the SOAP
    // messages they see, which can include the security header.
    Echo echo = createClientProxy();

    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    // Outbound WS-Security: signed SAML token.
    Map<String, Object> outboundConfig = new HashMap<String, Object>();
    outboundConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
    outboundConfig.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());

    // Signing identity: user "alice", keystore settings from alice.properties, key password
    // obtained through the callback handler rather than placed in this map.
    outboundConfig.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    outboundConfig.put(WSHandlerConstants.USER, "alice");
    outboundConfig.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
    outboundConfig.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");

    WSS4JOutInterceptor samlOutbound = new WSS4JOutInterceptor(outboundConfig);
    client.getOutInterceptors().add(samlOutbound);

    assertEquals("test", echo.echo("test"));
  }
Beispiel #3
  /**
   * Configures SOAP interceptors for the given client.
   *
   * <p>The CXF-3791 workaround is always added to the inbound chain. WS-Addressing handling and
   * the SwA attachment interceptors are added only when the transaction configuration enables
   * them. Interceptors from {@code customInterceptors} are copied in last.
   *
   * @param client CXF client whose interceptor chains are extended
   */
  protected void configureInterceptors(Client client) {
    client.getInInterceptors().add(new Cxf3791WorkaroundInterceptor());

    if (wsTransactionConfiguration.isAddressing()) {
      // Mark the WS-Addressing "Action" header, in every supported namespace, for the
      // must-understand decorator.
      MustUnderstandDecoratorInterceptor mustUnderstand = new MustUnderstandDecoratorInterceptor();
      for (String addressingNs : SoapUtils.WS_ADDRESSING_NS_URIS) {
        mustUnderstand.addHeader(new QName(addressingNs, "Action"));
      }
      client.getOutInterceptors().add(mustUnderstand);

      // One codec and one aggregator instance are shared by all four chains; within each chain
      // the codec is registered before the aggregator.
      MAPCodec codec = new MAPCodec();
      MAPAggregator aggregator = new MAPAggregator();

      client.getInInterceptors().add(codec);
      client.getInInterceptors().add(aggregator);

      client.getInFaultInterceptors().add(codec);
      client.getInFaultInterceptors().add(aggregator);

      client.getOutInterceptors().add(codec);
      client.getOutInterceptors().add(aggregator);

      client.getOutFaultInterceptors().add(codec);
      client.getOutFaultInterceptors().add(aggregator);
    }

    if (wsTransactionConfiguration.isSwaOutSupport()) {
      client.getOutInterceptors().add(new ProvidedAttachmentOutInterceptor());
      client.getOutInterceptors().add(new FixContentTypeOutInterceptor());
    }

    // Caller-supplied interceptors go in after the built-in ones.
    InterceptorUtils.copyInterceptorsFromProvider(customInterceptors, client);
  }
Beispiel #4
  /**
   * Exercises a custom SAML validator on the streaming WSS4J in-interceptor with a signed SAML
   * assertion that the client builds via {@code SAML2CallbackHandler} using the holder-of-key
   * confirmation method.
   *
   * <p>The same request is sent three times. The first two calls must be rejected with a SOAP
   * fault; after each rejection one requirement on the validator is relaxed
   * ({@code setRequireSenderVouches(false)}, then {@code setRequireSAML1Assertion(false)}), and
   * the third call must succeed.
   *
   * @throws Exception if crypto properties cannot be loaded or setup fails
   */
  @Test
  public void testSaml2TokenHOK() throws Exception {
    // Service side: signature verification plus one validator instance for both SAML token types.
    Service service = createService();

    WSSSecurityProperties inboundSecurity = new WSSSecurityProperties();
    Properties verificationCrypto =
        CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
    inboundSecurity.setSignatureVerificationCryptoProperties(verificationCrypto);

    CustomStaxSamlValidator samlValidator = new CustomStaxSamlValidator();
    inboundSecurity.addValidator(WSConstants.SAML_TOKEN, samlValidator);
    inboundSecurity.addValidator(WSConstants.SAML2_TOKEN, samlValidator);

    WSS4JStaxInInterceptor staxInbound = new WSS4JStaxInInterceptor(inboundSecurity);
    service.getInInterceptors().add(staxInbound);

    // Client side: message logging in both directions. The logging interceptors record the SOAP
    // messages they see, which can include the security header.
    Echo echo = createClientProxy();

    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    // Outbound WS-Security: signed token, holder-of-key confirmation, assertion itself signed.
    Map<String, Object> outboundConfig = new HashMap<String, Object>();
    outboundConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
    SAML2CallbackHandler hokCallback = new SAML2CallbackHandler();
    hokCallback.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    hokCallback.setSignAssertion(true);
    outboundConfig.put(WSHandlerConstants.SAML_CALLBACK_REF, hokCallback);

    outboundConfig.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    outboundConfig.put(WSHandlerConstants.USER, "alice");
    outboundConfig.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
    outboundConfig.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");

    WSS4JOutInterceptor samlOutbound = new WSS4JOutInterceptor(outboundConfig);
    client.getOutInterceptors().add(samlOutbound);

    // NOTE(review): both fail() messages read as inverted relative to what the client sends
    // (holder-of-key, SAML2 callback). Presumably the validator starts out requiring
    // sender-vouches and a SAML 1 assertion; confirm against CustomStaxSamlValidator.

    // Attempt 1: validator untouched, the service must answer with a SOAP fault.
    try {
      echo.echo("test");
      fail("Failure expected on receiving sender vouches instead of HOK");
    } catch (javax.xml.ws.soap.SOAPFaultException rejected) {
      // expected
    }
    samlValidator.setRequireSenderVouches(false);

    // Attempt 2: one requirement relaxed, still a SOAP fault.
    try {
      echo.echo("test");
      fail("Failure expected on receiving a SAML 1.1 Token instead of SAML 2.0");
    } catch (javax.xml.ws.soap.SOAPFaultException rejected) {
      // expected
    }
    samlValidator.setRequireSAML1Assertion(false);

    // Attempt 3: both requirements relaxed, the call goes through.
    assertEquals("test", echo.echo("test"));
  }
  /**
   * Ensures that the number of outbound interceptors stays the same no matter how many times the
   * decorator is called on the constructor: the count on the first client must equal the count on
   * a client created after several more {@code createClient()} calls.
   */
  @Test
  public void ensureInterceptorCountIsConstant() {
    // Baseline: size of the outbound chain on the first client.
    CONNECTClient<TestServicePortType> firstClient = createClient();

    Client firstCxfClient = ClientProxy.getClient(firstClient.getPort());
    int baselineOutCount = firstCxfClient.getOutInterceptors().size();

    // Two throwaway clients, then the one whose chain is compared with the baseline.
    createClient();
    createClient();
    CONNECTClient<TestServicePortType> laterClient = createClient();

    Client laterCxfClient = ClientProxy.getClient(laterClient.getPort());
    assertEquals(baselineOutCount, laterCxfClient.getOutInterceptors().size());
  }
Beispiel #6
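  /**
   * Checks that a replayed UsernameToken is rejected. In this test the service is using the
   * UsernameTokenInterceptor, but the client is using the WSS4JOutInterceptor.
   *
   * <p>The replay part runs only when the test is not streaming and targets {@code PORT}. A
   * {@code SecurityHeaderCacheInterceptor} is added to the client so that the second invocation
   * carries the same UsernameToken as the first; the second call must fail with a SOAP fault
   * whose message equals {@code WSSecurityException.UNIFIED_SECURITY_ERR}.
   *
   * <p>The port and the bus are released in {@code finally} blocks, so a failed assertion or an
   * unexpected exception no longer leaves the bus running for later tests.
   *
   * @throws Exception if bus, service or port setup fails, or closing the port fails
   */
  @org.junit.Test
  public void testPasswordHashedNoBindingReplay() throws Exception {

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = UsernameTokenTest.class.getResource("client.xml");

    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);

    DoubleItPortType utPort = null;
    try {
      URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
      Service service = Service.create(wsdl, SERVICE_QNAME);

      QName portQName = new QName(NAMESPACE, "DoubleItDigestNoBindingPort");
      utPort = service.getPort(portQName, DoubleItPortType.class);
      updateAddressPort(utPort, test.getPort());

      if (!test.isStreaming() && PORT.equals(test.getPort())) {
        Client cxfClient = ClientProxy.getClient(utPort);
        SecurityHeaderCacheInterceptor cacheInterceptor = new SecurityHeaderCacheInterceptor();
        cxfClient.getOutInterceptors().add(cacheInterceptor);

        // Make two invocations with the same UsernameToken
        utPort.doubleIt(25);
        try {
          utPort.doubleIt(25);
          fail("Failure expected on a replayed UsernameToken");
        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
          // Constant-first comparison: a fault without a message fails the assertion instead of
          // raising a NullPointerException.
          assertTrue(WSSecurityException.UNIFIED_SECURITY_ERR.equals(ex.getMessage()));
        }
      }
    } finally {
      // Release the port first, then the bus; the bus is shut down even if close() throws.
      try {
        if (utPort != null) {
          ((java.io.Closeable) utPort).close();
        }
      } finally {
        bus.shutdown(true);
      }
    }
  }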
Beispiel #7
  /**
   * Creates the metadata-model-service SOAP port for {@code MMS_URL} and attaches CXF message
   * logging to both directions of its underlying client.
   *
   * <p>The logging interceptors record the SOAP traffic of this client, so anything sensitive in
   * those messages ends up in the log output.
   *
   * @return the port, with logging interceptors installed on its CXF client
   * @throws GeneralSecurityException declared by this method; presumably raised by the factory
   * @throws IOException declared by this method; presumably raised by the factory
   */
  private MetadataModelServicePortType getMMSSoapClient()
      throws GeneralSecurityException, IOException {

    MetadataModelServicePortType port = MMSSoapClientFactory.createSoapClient(MMS_URL);

    Client cxfClient = ClientProxy.getClient(port);
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    return port;
  }
  /**
   * Verifies that the passed-in client is configured for WS-Security properly.
   *
   * <p>The first {@code WSS4JOutInterceptor} on the client's outbound chain must exist and must
   * allow MTOM; its property map is then handed to
   * {@code WsSecurityConfigFactoryTest.verifyWsSecurityProperties} for the detailed checks.
   *
   * @param client client whose port's outbound interceptor chain is inspected
   */
  public void verifyWsSecurityProperties(CONNECTClient<?> client) {
    Client cxfClient = ClientProxy.getClient(client.getPort());

    // Pick the first WSS4J out-interceptor on the chain, if there is one.
    WSS4JOutInterceptor securityInterceptor = null;
    for (Interceptor<? extends Message> candidate : cxfClient.getOutInterceptors()) {
      if (!(candidate instanceof WSS4JOutInterceptor)) {
        continue;
      }
      securityInterceptor = (WSS4JOutInterceptor) candidate;
      break;
    }

    // A chain without any WSS4J out-interceptor fails here.
    assertNotNull(securityInterceptor);
    assertTrue(securityInterceptor.isAllowMTOM());

    Map<String, Object> securityProperties = securityInterceptor.getProperties();
    new WsSecurityConfigFactoryTest().verifyWsSecurityProperties(securityProperties);
  }
  /**
   * Prunes the interceptor chains of the given client and installs the raw-message redirect.
   *
   * <p>For the inbound and the outbound direction alike: the client-level and endpoint-level
   * chains are passed to {@code removeInterceptorWhichIsOutThePhases} together with the phases
   * and interceptor names to keep, and the binding-level chain is cleared outright. Finally a
   * {@code RawMessageContentRedirectInterceptor} is added to the endpoint's outbound chain.
   *
   * @param client client whose chains are pruned
   * @param bus not used by this method
   */
  @Override
  public void initialize(Client client, Bus bus) {
    // Inbound: prune the client and endpoint chains, then drop every binding-level interceptor.
    // NOTE(review): presumably this also removes any security interceptor that is neither in the
    // remaining phases nor in the kept names; confirm that is intended for this client.
    removeInterceptorWhichIsOutThePhases(
        client.getInInterceptors(), REMAINING_IN_PHASES, getInInterceptorNames());
    removeInterceptorWhichIsOutThePhases(
        client.getEndpoint().getInInterceptors(), REMAINING_IN_PHASES, getInInterceptorNames());
    client.getEndpoint().getBinding().getInInterceptors().clear();

    // Outbound: LoggingOutInterceptor is added to the kept names before pruning.
    // NOTE(review): this appends to whatever list getOutInterceptorNames() returns on every call;
    // if that list is shared state it grows with each initialize(); confirm.
    getOutInterceptorNames().add(LoggingOutInterceptor.class.getName());
    removeInterceptorWhichIsOutThePhases(
        client.getOutInterceptors(), REMAINING_OUT_PHASES, getOutInterceptorNames());
    removeInterceptorWhichIsOutThePhases(
        client.getEndpoint().getOutInterceptors(), REMAINING_OUT_PHASES, getOutInterceptorNames());
    client.getEndpoint().getBinding().getOutInterceptors().clear();
    // Added after pruning, so the pruning calls above never see it.
    client.getEndpoint().getOutInterceptors().add(new RawMessageContentRedirectInterceptor());
  }
Beispiel #10
  /**
   * Adds the payload-handling interceptors and the plain-XML data binding on top of what the
   * superclass configures, and installs the auditing interceptors when an audit strategy is set.
   *
   * @param client CXF client whose interceptor chains are extended
   */
  @Override
  protected void configureInterceptors(Client client) {
    super.configureInterceptors(client);

    // Inbound payload handling: extract the SOAP body, merge namespaces, inject the payload.
    client.getInInterceptors().add(new InPayloadExtractorInterceptor(SOAP_BODY));
    client.getInInterceptors().add(new InNamespaceMergeInterceptor());
    client.getInInterceptors().add(new InPayloadInjectorInterceptor(0));
    client.getEndpoint().getService().setDataBinding(new PlainXmlDataBinding());

    // No audit strategy means the user has switched auditing off: nothing more to install, and
    // requests through this client then leave no audit record.
    if (auditStrategy == null) {
      return;
    }

    client
        .getOutInterceptors()
        .add(
            new AuditOutRequestInterceptor<>(
                auditStrategy, correlator, getWsTransactionConfiguration()));

    // The same response auditor instance covers regular responses and faults.
    AuditResponseInterceptor<Hl7v3AuditDataset> responseAuditor =
        new AuditResponseInterceptor<>(auditStrategy, false, correlator, false);
    client.getInInterceptors().add(responseAuditor);
    client.getInFaultInterceptors().add(responseAuditor);
  }
Beispiel #11
 /**
  * Installs the payload-collecting SOAP interceptors on the outbound chain of the given client:
  * first the stream substitute, then the payload extractor.
  *
  * <p>What is collected and where it is kept is decided by those two interceptor classes.
  *
  * @param client CXF client whose outbound chain is extended
  */
 protected static void installPayloadInterceptors(Client client) {
   OutStreamSubstituteInterceptor streamSubstitute = new OutStreamSubstituteInterceptor();
   OutPayloadExtractorInterceptor payloadExtractor = new OutPayloadExtractorInterceptor();

   client.getOutInterceptors().add(streamSubstitute);
   client.getOutInterceptors().add(payloadExtractor);
 }
Beispiel #12
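  /**
   * Demo client for the generated HelloWorld web-service proxy.
   *
   * <p>Uses the CXF tooling: put CXF's bin directory on the PATH environment variable. Note that
   * CXF is picky about the JDK version.
   *
   * <p>The user name and password handed to {@code AddLoginInfo2HeaderOutInterceptor} are
   * hard-coded sample values, and a {@code LoggingOutInterceptor} sits on the same outbound
   * chain, so the outbound log may contain that header. The endpoint in the commands below is
   * plain http on localhost. All of this is demo configuration; real credentials would come from
   * configuration and travel over TLS, with logging of the security header switched off.
   *
   * @param args unused
   */
  public static void main(String[] args) {

    // Commands for generating the web-service client proxy:
    //   wsdl2java -d <root directory> -p <package> <wsdl url>
    //   wsdl2java -d D:\WorkCatlog\sts_workspace\source\Example\src\main\java -p
    //   webservice2.client.src http://localhost:9999/ws?wsdl
    //   wsdl2js http://localhost:9999/ws?wsdl
    HelloWorld factory = new HelloWorld();
    HelloWorldService hwService = factory.getHelloWorldServiceImpPort();

    // Adding interceptors on the client side also needs the CXF API.
    org.apache.cxf.endpoint.Client client = ClientProxy.getClient(hwService);
    // client.getInInterceptors().add(new LoggingInInterceptor());
    // client.getOutInterceptors().add(new LoggingOutInterceptor());

    // Add the custom client out-interceptor that puts the user name and password into the header.
    client.getOutInterceptors().add(new AddLoginInfo2HeaderOutInterceptor("aaa", "ccc"));
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    User user = new User();
    user.setName("聂宾潇");
    List<Cat> cats = hwService.queryCatByUser(user);
    for (Cat cat : cats) {
      System.out.println(cat.getName() + ":" + cat.getColor());
    }

    StringCat stringCats = hwService.getAllCats();
    List<Entry> entrys = stringCats.getEntrys();
    for (Entry entry : entrys) {
      System.out.println(entry.getKey() + ":" + entry.getValue().getName());
    }

    // SOAP request and response as they appeared in the log. Kept as line comments because the
    // Accept header value contains the character sequence that would close a block comment.
    //
    // [2015-08-23 20:47:35] [INFO] [org.apache.cxf.interceptor.AbstractLoggingInterceptor]Inbound Message
    // ----------------------------
    // ID: 1
    // Address: /ws
    // Encoding: UTF-8
    // Content-Type: text/xml; charset=UTF-8
    // Headers: {content-type=[text/xml; charset=UTF-8], connection=[keep-alive], Host=[localhost:9999], Content-Length=[225], SOAPAction=[""], User-Agent=[Apache CXF 2.3.2], Content-Type=[text/xml; charset=UTF-8], Accept=[*/*], Pragma=[no-cache], Cache-Control=[no-cache]}
    // Payload:
    //     <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    //       <soap:Body>
    //         <ns2:queryCatByUser xmlns:ns2="http://service.webservice2/">
    //           <user>
    //             <name>聂宾潇</name>
    //           </user>
    //         </ns2:queryCatByUser>
    //       </soap:Body>
    //     </soap:Envelope>
    // --------------------------------------
    //
    //
    // [2015-08-23 20:47:35] [INFO] [org.apache.cxf.interceptor.AbstractLoggingInterceptor]Outbound Message
    // ---------------------------
    // ID: 1
    // Encoding: UTF-8
    // Content-Type: text/xml
    // Headers: {}
    // Payload:
    //     <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    //       <soap:Body>
    //         <ns2:queryCatByUserResponse xmlns:ns2="http://service.webservice2/">
    //           <cats><color>red</color><name>小呆比</name></cats>
    //           <cats><color>yellow</color><name>大代笔</name></cats>
    //         </ns2:queryCatByUserResponse>
    //       </soap:Body>
    //     </soap:Envelope>
  }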