Examples with XmlSigOutInterceptor org.apache.cxf.rs.security.xml.XmlSigOutInterceptor used on opensource projects

Example 11 with XmlSigOutInterceptor

use of org.apache.cxf.rs.security.xml.XmlSigOutInterceptor in project cxf by apache.

the class JAXRSXmlSecTest method testSignaturePassword.

@Test
public void testSignaturePassword() throws Exception {
    String address = "https://localhost:" + test.port + "/xmlsig/bookstore/books";
    JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
    bean.setAddress(address);
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
    Bus springBus = bf.createBus(busFile.toString());
    bean.setBus(springBus);
    Map<String, Object> properties = new HashMap<>();
    properties.put(SecurityConstants.SIGNATURE_USERNAME, "alice");
    properties.put(SecurityConstants.SIGNATURE_PASSWORD, "password");
    properties.put(SecurityConstants.SIGNATURE_PROPERTIES, "org/apache/cxf/systest/jaxrs/security/alice.properties");
    bean.setProperties(properties);
    if (test.streaming) {
        XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
        sigOutInterceptor.setSignRequest(true);
        sigOutInterceptor.setKeyInfoMustBeAvailable(true);
        bean.getOutInterceptors().add(sigOutInterceptor);
        XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
        sigInInterceptor.setRequireSignature(true);
        bean.setProvider(sigInInterceptor);
    } else {
        XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
        sigOutInterceptor.setKeyInfoMustBeAvailable(true);
        bean.getOutInterceptors().add(sigOutInterceptor);
        XmlSigInInterceptor sigInInterceptor = new XmlSigInInterceptor();
        sigInInterceptor.setKeyInfoMustBeAvailable(true);
        bean.getInInterceptors().add(sigInInterceptor);
    }
    WebClient wc = bean.createWebClient();
    WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
    Book book = wc.type("application/xml").post(new Book("CXF", 126L), Book.class);
    assertEquals(126L, book.getId());
}

Example 12 with XmlSigOutInterceptor

use of org.apache.cxf.rs.security.xml.XmlSigOutInterceptor in project cxf by apache.

the class JAXRSXmlSecTest method testSignatureNegativeClient.

@Test
public void testSignatureNegativeClient() throws Exception {
    String address = "https://localhost:" + test.port + "/xmlsignegativeclient/bookstore/books";
    JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
    bean.setAddress(address);
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
    Bus springBus = bf.createBus(busFile.toString());
    bean.setBus(springBus);
    Map<String, Object> properties = new HashMap<>();
    properties.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
    properties.put(SecurityConstants.SIGNATURE_USERNAME, "bethal");
    properties.put(SecurityConstants.SIGNATURE_PROPERTIES, "org/apache/cxf/systest/jaxrs/security/bethal.properties");
    bean.setProperties(properties);
    if (test.streaming) {
        XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
        sigOutInterceptor.setSignRequest(true);
        bean.getOutInterceptors().add(sigOutInterceptor);
        XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
        sigInInterceptor.setRequireSignature(true);
        bean.setProvider(sigInInterceptor);
    } else {
        XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
        bean.getOutInterceptors().add(sigOutInterceptor);
        XmlSigInInterceptor sigInInterceptor = new XmlSigInInterceptor();
        bean.getInInterceptors().add(sigInInterceptor);
    }
    WebClient wc = bean.createWebClient();
    WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
    try {
        wc.type("application/xml").post(new Book("CXF", 126L), Book.class);
        fail("Failure expected on signature trust failure");
    } catch (ProcessingException ex) {
        assertTrue(ex.getCause() instanceof BadRequestException);
    }
}

Example 13 with XmlSigOutInterceptor

use of org.apache.cxf.rs.security.xml.XmlSigOutInterceptor in project testcases by coheigea.

the class AuthenticationTest method testUnauthenticatedRequest.

@org.junit.Test
public void testUnauthenticatedRequest() throws Exception {
    URL busFile = AuthenticationTest.class.getResource("cxf-client.xml");
    String address = "http://localhost:" + PORT + "/doubleit/services";
    WebClient client = WebClient.create(address, busFile.toString());
    client = client.type("application/xml");
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put("ws-security.callback-handler", "org.apache.coheigea.cxf.jaxrs.xmlsecurity.common.CommonCallbackHandler");
    properties.put("ws-security.signature.username", "imposter");
    properties.put("ws-security.signature.properties", "imposterKeystore.properties");
    WebClient.getConfig(client).getRequestContext().putAll(properties);
    XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
    WebClient.getConfig(client).getOutInterceptors().add(sigInterceptor);
    Number numberToDouble = new Number();
    numberToDouble.setDescription("This is the number to double");
    numberToDouble.setNumber(25);
    Response response = client.post(numberToDouble);
    assertEquals(response.getStatus(), 400);
}

Example 14 with XmlSigOutInterceptor

use of org.apache.cxf.rs.security.xml.XmlSigOutInterceptor in project testcases by coheigea.

the class AuthenticationTest method testAuthenticatedRequest.

@org.junit.Test
public void testAuthenticatedRequest() throws Exception {
    URL busFile = AuthenticationTest.class.getResource("cxf-client.xml");
    String address = "http://localhost:" + PORT + "/doubleit/services";
    WebClient client = WebClient.create(address, busFile.toString());
    client = client.type("application/xml");
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put("ws-security.callback-handler", "org.apache.coheigea.cxf.jaxrs.xmlsecurity.common.CommonCallbackHandler");
    properties.put("ws-security.signature.username", "myclientkey");
    properties.put("ws-security.signature.properties", "clientKeystore.properties");
    WebClient.getConfig(client).getRequestContext().putAll(properties);
    XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
    WebClient.getConfig(client).getOutInterceptors().add(sigInterceptor);
    Number numberToDouble = new Number();
    numberToDouble.setDescription("This is the number to double");
    numberToDouble.setNumber(25);
    Response response = client.post(numberToDouble);
    assertEquals(response.getStatus(), 200);
    assertEquals(response.readEntity(Number.class).getNumber(), 50);
}