/**
 * Sends an unsigned SAML 1 assertion to a service that uses the streaming WSS4J inbound
 * interceptor and expects the echo call to succeed.
 */
@Test
public void testSaml1() throws Exception {
    // Service side.
    Service service = createService();
    WSSSecurityProperties serviceSecurity = new WSSSecurityProperties();
    // The client sends the assertion unsigned (SAML_TOKEN_UNSIGNED) and no verification crypto
    // is configured here, so nothing cryptographic ties the assertion to the message.
    // Subject-confirmation validation is switched off so that the request is accepted;
    // this is a test-only relaxation and should not be copied into a deployed endpoint.
    serviceSecurity.setValidateSamlSubjectConfirmation(false);
    service.getInInterceptors().add(new WSS4JStaxInInterceptor(serviceSecurity));

    // Client side: message logging plus the outbound WS-Security handler.
    Echo echo = createClientProxy();
    Client cxfClient = ClientProxy.getClient(echo);
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    Map<String, Object> outConfig = new HashMap<String, Object>();
    outConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
    outConfig.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());
    cxfClient.getOutInterceptors().add(new WSS4JOutInterceptor(outConfig));

    assertEquals("test", echo.echo("test"));
}
/**
 * Sends a signed SAML 1 assertion (sender-vouches, per the test name) and expects the service to
 * verify it and answer the echo call.
 */
@Test
public void testSaml1SignedSenderVouches() throws Exception {
    // Service side: signature verification material comes from insecurity.properties.
    // Subject-confirmation validation is not disabled here, so it stays at its default.
    Service service = createService();
    WSSSecurityProperties serviceSecurity = new WSSSecurityProperties();
    Properties verificationCrypto =
        CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
    serviceSecurity.setSignatureVerificationCryptoProperties(verificationCrypto);
    service.getInInterceptors().add(new WSS4JStaxInInterceptor(serviceSecurity));

    // Client side: message logging plus the outbound WS-Security handler.
    Echo echo = createClientProxy();
    Client cxfClient = ClientProxy.getClient(echo);
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    // The client signs as "alice" using alice.properties; the key is referenced directly.
    Map<String, Object> outConfig = new HashMap<String, Object>();
    outConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
    outConfig.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());
    outConfig.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    outConfig.put(WSHandlerConstants.USER, "alice");
    outConfig.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
    outConfig.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
    cxfClient.getOutInterceptors().add(new WSS4JOutInterceptor(outConfig));

    assertEquals("test", echo.echo("test"));
}
/**
 * Installs the SOAP interceptors required by the transaction configuration on the given client.
 *
 * <p>The CXF-3791 workaround is always added. WS-Addressing and SwA interceptors are added only
 * when the configuration asks for them, and user-supplied interceptors are copied last.
 *
 * @param client the CXF client to configure
 */
protected void configureInterceptors(Client client) {
    client.getInInterceptors().add(new Cxf3791WorkaroundInterceptor());

    if (wsTransactionConfiguration.isAddressing()) {
        // Registers the WS-Addressing "Action" header of every supported namespace with the
        // decorator (presumably so it is flagged mustUnderstand; confirm in the decorator).
        MustUnderstandDecoratorInterceptor mustUnderstand =
            new MustUnderstandDecoratorInterceptor();
        for (String namespace : SoapUtils.WS_ADDRESSING_NS_URIS) {
            mustUnderstand.addHeader(new QName(namespace, "Action"));
        }
        client.getOutInterceptors().add(mustUnderstand);

        // The same codec/aggregator pair is shared by all four interceptor chains.
        MAPCodec codec = new MAPCodec();
        MAPAggregator aggregator = new MAPAggregator();

        client.getOutInterceptors().add(codec);
        client.getOutInterceptors().add(aggregator);
        client.getOutFaultInterceptors().add(codec);
        client.getOutFaultInterceptors().add(aggregator);

        client.getInInterceptors().add(codec);
        client.getInInterceptors().add(aggregator);
        client.getInFaultInterceptors().add(codec);
        client.getInFaultInterceptors().add(aggregator);
    }

    if (wsTransactionConfiguration.isSwaOutSupport()) {
        // SOAP-with-Attachments support on the outbound side.
        client.getOutInterceptors().add(new ProvidedAttachmentOutInterceptor());
        client.getOutInterceptors().add(new FixContentTypeOutInterceptor());
    }

    // Custom interceptors go in after the built-in ones.
    InterceptorUtils.copyInterceptorsFromProvider(customInterceptors, client);
}
/**
 * Sends a signed SAML 2.0 holder-of-key assertion to a service guarded by a custom SAML
 * validator. The validator is relaxed in two steps: the call must fault twice before the third
 * attempt is accepted.
 *
 * <p>NOTE(review): the client always sends a SAML 2.0 holder-of-key token, so the two expected
 * faults presumably come from validator defaults that demand sender-vouches and SAML 1. The
 * fail messages read the other way round; confirm against CustomStaxSamlValidator.
 */
@Test
public void testSaml2TokenHOK() throws Exception {
    // Service side: signature verification plus the custom validator for both SAML versions.
    Service service = createService();
    WSSSecurityProperties serviceSecurity = new WSSSecurityProperties();
    Properties verificationCrypto =
        CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
    serviceSecurity.setSignatureVerificationCryptoProperties(verificationCrypto);
    CustomStaxSamlValidator samlValidator = new CustomStaxSamlValidator();
    serviceSecurity.addValidator(WSConstants.SAML_TOKEN, samlValidator);
    serviceSecurity.addValidator(WSConstants.SAML2_TOKEN, samlValidator);
    service.getInInterceptors().add(new WSS4JStaxInInterceptor(serviceSecurity));

    // Client side: message logging plus the outbound WS-Security handler.
    Echo echo = createClientProxy();
    Client cxfClient = ClientProxy.getClient(echo);
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    Map<String, Object> outConfig = new HashMap<String, Object>();
    outConfig.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
    // Holder-of-key confirmation with a signed assertion.
    SAML2CallbackHandler samlCallback = new SAML2CallbackHandler();
    samlCallback.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    samlCallback.setSignAssertion(true);
    outConfig.put(WSHandlerConstants.SAML_CALLBACK_REF, samlCallback);
    outConfig.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    outConfig.put(WSHandlerConstants.USER, "alice");
    outConfig.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
    outConfig.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
    cxfClient.getOutInterceptors().add(new WSS4JOutInterceptor(outConfig));

    // Attempt 1: validator untouched, the service must reject the token.
    try {
        echo.echo("test");
        fail("Failure expected on receiving sender vouches instead of HOK");
    } catch (javax.xml.ws.soap.SOAPFaultException expected) {
        // expected
    }

    // Attempt 2: sender-vouches requirement lifted, still rejected.
    samlValidator.setRequireSenderVouches(false);
    try {
        echo.echo("test");
        fail("Failure expected on receiving a SAML 1.1 Token instead of SAML 2.0");
    } catch (javax.xml.ws.soap.SOAPFaultException expected) {
        // expected
    }

    // Attempt 3: SAML 1 requirement lifted as well, the call goes through.
    samlValidator.setRequireSAML1Assertion(false);
    assertEquals("test", echo.echo("test"));
}
/**
 * Checks that creating further clients does not change the number of outbound interceptors:
 * the count seen on the first client must equal the count seen on the fourth.
 */
@Test
public void ensureInterceptorCountIsConstant() {
    CONNECTClient<TestServicePortType> firstClient = createClient();
    int baselineOutCount =
        ClientProxy.getClient(firstClient.getPort()).getOutInterceptors().size();

    // Two throw-away clients in between, so the decorator runs repeatedly.
    for (int i = 0; i < 2; i++) {
        createClient();
    }

    CONNECTClient<TestServicePortType> lastClient = createClient();
    Client lastCxfClient = ClientProxy.getClient(lastClient.getPort());
    assertEquals(baselineOutCount, lastCxfClient.getOutInterceptors().size());
}
// In this test, the service is using the UsernameTokenInterceptor, but the // client is using the WSS4JOutInterceptor @org.junit.Test public void testPasswordHashedNoBindingReplay() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = UsernameTokenTest.class.getResource("client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItDigestNoBindingPort"); DoubleItPortType utPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(utPort, test.getPort()); if (!test.isStreaming() && PORT.equals(test.getPort())) { Client cxfClient = ClientProxy.getClient(utPort); SecurityHeaderCacheInterceptor cacheInterceptor = new SecurityHeaderCacheInterceptor(); cxfClient.getOutInterceptors().add(cacheInterceptor); // Make two invocations with the same UsernameToken utPort.doubleIt(25); try { utPort.doubleIt(25); fail("Failure expected on a replayed UsernameToken"); } catch (javax.xml.ws.soap.SOAPFaultException ex) { assertTrue(ex.getMessage().equals(WSSecurityException.UNIFIED_SECURITY_ERR)); } } ((java.io.Closeable) utPort).close(); bus.shutdown(true); }
/**
 * Creates the MMS SOAP port for {@code MMS_URL} and attaches CXF message logging to its client.
 *
 * <p>NOTE(review): LoggingInInterceptor and LoggingOutInterceptor write message headers and
 * payloads to the log and are added unconditionally. If MMS traffic can carry credentials or
 * personal data, gate this behind a debug setting or restrict and mask what is logged.
 *
 * @return the port proxy with logging interceptors installed
 * @throws GeneralSecurityException declared by this method; presumably raised by the factory
 * @throws IOException declared by this method; presumably raised by the factory
 */
private MetadataModelServicePortType getMMSSoapClient()
    throws GeneralSecurityException, IOException {
    MetadataModelServicePortType port = MMSSoapClientFactory.createSoapClient(MMS_URL);
    Client cxfClient = ClientProxy.getClient(port);

    LoggingInInterceptor inboundLogger = new LoggingInInterceptor();
    cxfClient.getInInterceptors().add(inboundLogger);
    LoggingOutInterceptor outboundLogger = new LoggingOutInterceptor();
    cxfClient.getOutInterceptors().add(outboundLogger);

    return port;
}
/**
 * Asserts that the given client carries a WS-Security outbound interceptor with the expected
 * settings: a {@link WSS4JOutInterceptor} must be present, it must allow MTOM, and its property
 * map must pass {@code WsSecurityConfigFactoryTest.verifyWsSecurityProperties}.
 *
 * @param client the client whose port proxy is inspected
 */
public void verifyWsSecurityProperties(CONNECTClient<?> client) {
    Client cxfClient = ClientProxy.getClient(client.getPort());

    // Pick the first WSS4J outbound interceptor in the chain, if any.
    WSS4JOutInterceptor securityInterceptor = null;
    for (Interceptor<? extends Message> candidate : cxfClient.getOutInterceptors()) {
        if (!(candidate instanceof WSS4JOutInterceptor)) {
            continue;
        }
        securityInterceptor = (WSS4JOutInterceptor) candidate;
        break;
    }

    // A missing interceptor means outbound messages would leave without WS-Security applied.
    assertNotNull(securityInterceptor);
    assertTrue(securityInterceptor.isAllowMTOM());

    Map<String, Object> securityProperties = securityInterceptor.getProperties();
    new WsSecurityConfigFactoryTest().verifyWsSecurityProperties(securityProperties);
}
/**
 * Prunes the interceptor chains of the given client and installs the raw-message redirect
 * interceptor on the endpoint's outbound chain.
 *
 * <p>For each direction the client-level and endpoint-level chains are passed to
 * {@code removeInterceptorWhichIsOutThePhases} with the phases to retain and a list of
 * interceptor names, and the binding-level chain is cleared completely.
 *
 * <p>NOTE(review): judging by the helper's name, interceptors outside the retained phases are
 * removed unless named in the keep-list. Presumably that includes WS-Security or other
 * policy-enforcing interceptors registered on this client; confirm before combining the two.
 *
 * @param client the CXF client whose chains are rewritten
 * @param bus the CXF bus (not used in this method)
 */
@Override
public void initialize(Client client, Bus bus) {
    // Inbound side: prune the client and endpoint chains, then drop all binding interceptors.
    removeInterceptorWhichIsOutThePhases(
        client.getInInterceptors(), REMAINING_IN_PHASES, getInInterceptorNames());
    removeInterceptorWhichIsOutThePhases(
        client.getEndpoint().getInInterceptors(), REMAINING_IN_PHASES, getInInterceptorNames());
    client.getEndpoint().getBinding().getInInterceptors().clear();
    // Outbound side: LoggingOutInterceptor is put on the name list first so it is kept.
    // This must happen before the pruning calls below.
    // NOTE(review): the name is added on every call; if the list is not a set, it grows with
    // each initialize() call. Confirm the collection type.
    getOutInterceptorNames().add(LoggingOutInterceptor.class.getName());
    removeInterceptorWhichIsOutThePhases(
        client.getOutInterceptors(), REMAINING_OUT_PHASES, getOutInterceptorNames());
    removeInterceptorWhichIsOutThePhases(
        client.getEndpoint().getOutInterceptors(), REMAINING_OUT_PHASES, getOutInterceptorNames());
    client.getEndpoint().getBinding().getOutInterceptors().clear();
    // Added after pruning, so the redirect interceptor itself is not subject to removal.
    client.getEndpoint().getOutInterceptors().add(new RawMessageContentRedirectInterceptor());
}
/**
 * Adds the payload-handling interceptors and the plain-XML data binding on top of the base
 * configuration and, when an audit strategy is present, the audit interceptors.
 *
 * <p>With {@code auditStrategy == null} no audit interceptor is installed, so this client
 * produces no audit records for its requests or responses.
 *
 * @param client the CXF client to configure
 */
@Override
protected void configureInterceptors(Client client) {
    super.configureInterceptors(client);

    // Inbound payload handling; the chain order is the order of these calls.
    client.getInInterceptors().add(new InPayloadExtractorInterceptor(SOAP_BODY));
    client.getInInterceptors().add(new InNamespaceMergeInterceptor());
    client.getInInterceptors().add(new InPayloadInjectorInterceptor(0));
    client.getEndpoint().getService().setDataBinding(new PlainXmlDataBinding());

    // Auditing was switched off by the user: nothing more to install.
    if (auditStrategy == null) {
        return;
    }

    client
        .getOutInterceptors()
        .add(
            new AuditOutRequestInterceptor<>(
                auditStrategy, correlator, getWsTransactionConfiguration()));

    // One response interceptor instance serves both the normal and the fault inbound chain,
    // so faults go through the same audit interceptor as regular responses.
    AuditResponseInterceptor<Hl7v3AuditDataset> responseAuditor =
        new AuditResponseInterceptor<>(auditStrategy, false, correlator, false);
    client.getInInterceptors().add(responseAuditor);
    client.getInFaultInterceptors().add(responseAuditor);
}
/**
 * Installs the payload-collecting SOAP interceptors on the outbound chain of the given client.
 *
 * <p>NOTE(review): judging by their names these interceptors capture the outgoing message
 * payload. Whatever consumes the collected payload (for example audit or logging code) should
 * treat it as potentially sensitive; confirm where it ends up.
 *
 * @param client the CXF client to extend
 */
protected static void installPayloadInterceptors(Client client) {
    OutStreamSubstituteInterceptor streamSubstitute = new OutStreamSubstituteInterceptor();
    client.getOutInterceptors().add(streamSubstitute);

    OutPayloadExtractorInterceptor payloadExtractor = new OutPayloadExtractorInterceptor();
    client.getOutInterceptors().add(payloadExtractor);
}
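/**
 * Demo client for the HelloWorld web service, using proxy classes generated with the CXF
 * command-line tools. Add CXF's bin directory to the PATH environment variable to use the
 * tools; note that CXF is picky about the JDK version.
 *
 * @param args command-line arguments (unused)
 */
public static void main(String[] args) {
    // Commands for generating the web-service client proxy:
    //   wsdl2java -d <root directory> -p <package> <wsdl url>
    //   wsdl2java -d D:\WorkCatlog\sts_workspace\source\Example\src\main\java -p
    //       webservice2.client.src http://localhost:9999/ws?wsdl
    //   wsdl2js http://localhost:9999/ws?wsdl
    HelloWorld factory = new HelloWorld();
    HelloWorldService hwService = factory.getHelloWorldServiceImpPort();

    // Adding interceptors on the client side also requires the CXF API.
    org.apache.cxf.endpoint.Client client = ClientProxy.getClient(hwService);
    // client.getInInterceptors().add(new LoggingInInterceptor());
    // client.getOutInterceptors().add(new LoggingOutInterceptor());

    // Add the custom client-side out interceptor that puts the user name and password into
    // the header.
    // NOTE(review): the credentials are hard-coded demo values; real ones belong in
    // configuration or a secret store, not in source.
    client.getOutInterceptors().add(new AddLoginInfo2HeaderOutInterceptor("aaa", "ccc"));
    // NOTE(review): this logger sits on the same outbound chain as the login-header
    // interceptor, so the logged message may include the user name and password. Confirm,
    // and mask the header or drop the logger outside of demos.
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    User user = new User();
    user.setName("聂宾潇");
    List<Cat> cats = hwService.queryCatByUser(user);
    for (Cat cat : cats) {
        System.out.println(cat.getName() + ":" + cat.getColor());
    }

    StringCat stringCats = hwService.getAllCats();
    List<Entry> entrys = stringCats.getEntrys();
    for (Entry entry : entrys) {
        System.out.println(entry.getKey() + ":" + entry.getValue().getName());
    }

    // SOAP request and response as logged. Kept as line comments: the Accept header value
    // contains a star followed by a slash, which would end a block comment early.
    //
    // [2015-08-23 20:47:35] [INFO] [org.apache.cxf.interceptor.AbstractLoggingInterceptor]Inbound Message
    // ----------------------------
    // ID: 1
    // Address: /ws
    // Encoding: UTF-8
    // Content-Type: text/xml; charset=UTF-8
    // Headers: {content-type=[text/xml; charset=UTF-8], connection=[keep-alive], Host=[localhost:9999], Content-Length=[225], SOAPAction=[""], User-Agent=[Apache CXF 2.3.2], Content-Type=[text/xml; charset=UTF-8], Accept=[*/*], Pragma=[no-cache], Cache-Control=[no-cache]}
    // Payload:
    // <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    //   <soap:Body>
    //     <ns2:queryCatByUser xmlns:ns2="http://service.webservice2/">
    //       <user>
    //         <name>聂宾潇</name>
    //       </user>
    //     </ns2:queryCatByUser>
    //   </soap:Body>
    // </soap:Envelope>
    // --------------------------------------
    //
    // [2015-08-23 20:47:35] [INFO] [org.apache.cxf.interceptor.AbstractLoggingInterceptor]Outbound Message
    // ---------------------------
    // ID: 1
    // Encoding: UTF-8
    // Content-Type: text/xml
    // Headers: {}
    // Payload:
    // <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    //   <soap:Body>
    //     <ns2:queryCatByUserResponse xmlns:ns2="http://service.webservice2/">
    //       <cats><color>red</color><name>小呆比</name></cats>
    //       <cats><color>yellow</color><name>大代笔</name></cats>
    //     </ns2:queryCatByUserResponse>
    //   </soap:Body>
    // </soap:Envelope>
}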