OpenLiberty · anjumfatima90 · Jan 23, 2025 · Jan 17, 2025 · Jan 17, 2025
diff --git a/....wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/sample/CxfSampleTests.java b/....wssecurity_fat.wsscxf.1/fat/src/com/ibm/ws/wssecurity/fat/cxf/sample/CxfSampleTests.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2020, 2024 IBM Corporation and others.
+ * Copyright (c) 2020, 2025 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License 2.0
  * which accompanies this distribution, and is available at
@@ -13,13 +13,20 @@
 
 package com.ibm.ws.wssecurity.fat.cxf.sample;
 
-import static componenttest.annotation.SkipForRepeat.CHECKPOINT_RULE;
+import static java.util.Collections.emptyMap;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
 import java.util.Set;
 
 import org.junit.ClassRule;
@@ -39,7 +46,6 @@
 
 import componenttest.annotation.CheckpointTest;
 import componenttest.annotation.Server;
-import componenttest.annotation.SkipForRepeat;
 import componenttest.custom.junit.runner.FATRunner;
 import componenttest.rules.repeater.CheckpointRule;
 import componenttest.rules.repeater.CheckpointRule.ServerMode;
@@ -71,12 +77,20 @@ public class CxfSampleTests {
 
     @ClassRule
     public static CheckpointRule checkpointRule = new CheckpointRule()
-                                                      .setConsoleLogName(CxfSampleTests.class.getSimpleName()+ ".log")
-                                                      .setServerSetup(CxfSampleTests::serverSetUp)
-                                                      .setServerStart(CxfSampleTests::serverStart)
-                                                      .setServerTearDown(CxfSampleTests::serverTearDown)
-                                                      .addUnsupportedRepeatIDs(EmptyAction.ID, RepeatWithEE7cbh20.ID)
-                                                      .addCheckpointRegexIgnoreMessages("CWWKG0101W", "SRVE0274W");
+                                                        .setConsoleLogName(CxfSampleTests.class.getSimpleName()+ ".log")
+                                                        .setServerSetup(CxfSampleTests::serverSetUp)
+                                                        .setServerStart(CxfSampleTests::serverStart)
+                                                        .setServerTearDown(CxfSampleTests::serverTearDown)
+                                                        .addUnsupportedRepeatIDs(EmptyAction.ID, RepeatWithEE7cbh20.ID)
+                                                        .addCheckpointRegexIgnoreMessages("CWWKG0101W", "SRVE0274W")
+                                                        .setPostCheckpointLambda(server -> {
+                                                            try {
+                                                                configureBeforeRestore();
+                                                            } catch (Exception e) {
+                                                                // TODO Auto-generated catch block
+                                                                e.printStackTrace();
+                                                            }
+                                                        });
 
     public static LibertyServer serverSetUp(ServerMode mode) throws Exception {
         //issue 23060
@@ -109,9 +123,36 @@ public static LibertyServer serverSetUp(ServerMode mode) throws Exception {
             JakartaEEAction.transformApp(WSSampleSei_archive);
         }
 
+        //Environment variable values are not set before checkpoint.
+        if (CheckpointRule.isActive()) {
+            configureEnvVariable(server, emptyMap());
+            //Temporarily disabling CRIU security provider until CRIU security provider in OpenJ9 is enhanced to support wsSecurity
+            List<String> options = new ArrayList<>();
+            options.add("-XX:-CRIUSecProvider");
+            server.setJvmOptions(options);
+        }
         return server;
     }
 
+    private static void configureBeforeRestore() throws Exception {
+        Map<String, String> config = new HashMap<>();
+        config.put("WS_SECURITY_PWD", "security");
+        config.put("CLIENT_SIGNATURE_PWD", "LibertyX509Client");
+        config.put("CLIENT_SIGNATURE_KEYSTORE", "x509ClientDefault.jks");
+        config.put("PROVIDER_ENCRYPTION_KEYSTORE", "x509ServerDefault.jks");
+        config.put("PROVIDER_ENCRYPTION_PWD", "LibertyX509Server");
+        configureEnvVariable(server, config);
+    }
+
+    private static void configureEnvVariable(LibertyServer server, Map<String, String> newEnv) throws Exception {
+        Properties serverEnvProperties = new Properties();
+        serverEnvProperties.putAll(newEnv);
+        File serverEnvFile = new File(server.getFileFromLibertyServerRoot("server.env").getAbsolutePath());
+        try (OutputStream out = new FileOutputStream(serverEnvFile)) {
+            serverEnvProperties.store(out, "");
+        }
+    }
+
     public static void serverStart(ServerMode mode, LibertyServer server) throws Exception {
         String thisMethod = "serverStart";
         String defaultPort = "8010";
@@ -127,6 +168,8 @@ public static void serverStart(ServerMode mode, LibertyServer server) throws Exc
             server.addInstalledAppForValidation("webcontent");
         }
 
+        //LibertyX509Client
+
         server.startServer(); // check CWWKS0008I: The security service is ready.
         SharedTools.waitForMessageInLog(server, "CWWKS0008I");
 
@@ -244,7 +287,6 @@ public void testEchoService() throws Exception {
     }
 
     @Test
-    @SkipForRepeat({ CHECKPOINT_RULE })
     public void testEcho4Service() throws Exception {
         String thisMethod = "testEcho4Service";
 

diff --git a/...bm.ws.wssecurity_fat.wsscxf.1/publish/servers/com.ibm.ws.wssecurity_fat.sample/server.env b/...bm.ws.wssecurity_fat.wsscxf.1/publish/servers/com.ibm.ws.wssecurity_fat.sample/server.env
@@ -0,0 +1,5 @@
+WS_SECURITY_PWD=security
+CLIENT_SIGNATURE_KEYSTORE=x509ClientDefault.jks
+CLIENT_SIGNATURE_PWD=LibertyX509Client
+PROVIDER_ENCRYPTION_KEYSTORE=x509ServerDefault.jks
+PROVIDER_ENCRYPTION_PWD=LibertyX509Server
diff --git a/....wssecurity_fat.wsscxf.1/publish/servers/com.ibm.ws.wssecurity_fat.sample/server_asym.xml b/....wssecurity_fat.wsscxf.1/publish/servers/com.ibm.ws.wssecurity_fat.sample/server_asym.xml
@@ -1,5 +1,5 @@
 <!--
-    Copyright (c) 2020, 2021 IBM Corporation and others.
+    Copyright (c) 2020, 2025 IBM Corporation and others.
     All rights reserved. This program and the accompanying materials
     are made available under the terms of the Eclipse Public License 2.0
     which accompanies this distribution, and is available at
@@ -89,7 +89,7 @@
 	<!-- provide WebServiceClient user-ID and password -->
 	<wsSecurityClient
 		id="default"
-		ws-security.password="security"
+		ws-security.password="${ws_security_pwd}"
 		ws-security.username="user1"
 		ws-security.callback-handler="com.ibm.ws.wssecurity.example.cbh.CommonPasswordCallback"
 	>
@@ -98,9 +98,9 @@
 		<signatureProperties
 			signatureAlgorithm="sha256"
 			org.apache.ws.security.crypto.merlin.keystore.type="jks"
-			org.apache.ws.security.crypto.merlin.keystore.password="LibertyX509Client"
+			org.apache.ws.security.crypto.merlin.keystore.password="${client_signature_pwd}"
 			org.apache.ws.security.crypto.merlin.keystore.alias="x509ClientDefault"
-			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/x509ClientDefault.jks" />
+			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/${client_signature_keystore}" />
 		<encryptionProperties
 			org.apache.ws.security.crypto.merlin.keystore.type="jks"
 			org.apache.ws.security.crypto.merlin.keystore.password="LibertyX509Client2"
@@ -122,9 +122,9 @@
 			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/x509ServerSecond.jks" />
 		<encryptionProperties
 			org.apache.ws.security.crypto.merlin.keystore.type="jks"
-			org.apache.ws.security.crypto.merlin.keystore.password="LibertyX509Server"
+			org.apache.ws.security.crypto.merlin.keystore.password="${provider_encryption_pwd}"
 			org.apache.ws.security.crypto.merlin.keystore.alias="x509ClientDefaultCert"
-			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/x509ServerDefault.jks" />
+			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/${provider_encryption_keystore}" />
 	</wsSecurityProvider>
 
     <include location="imports/java2Permissions.xml" />

diff --git a/...urity_fat.wsscxf.1/publish/servers/com.ibm.ws.wssecurity_fat.sample/server_asym_wss4j.xml b/...urity_fat.wsscxf.1/publish/servers/com.ibm.ws.wssecurity_fat.sample/server_asym_wss4j.xml
@@ -1,5 +1,5 @@
 <!--
-    Copyright (c) 2020, 2022 IBM Corporation and others.
+    Copyright (c) 2020, 2025 IBM Corporation and others.
     All rights reserved. This program and the accompanying materials
     are made available under the terms of the Eclipse Public License 2.0
     which accompanies this distribution, and is available at
@@ -89,7 +89,7 @@
 	<!-- provide WebServiceClient user-ID and password -->
 	<wsSecurityClient
 		id="default"
-		ws-security.password="security"
+		ws-security.password="${ws_security_pwd}"
 		ws-security.username="user1"
 		ws-security.callback-handler="com.ibm.ws.wssecurity.example.cbhwss4j.CommonPasswordCallbackWss4j"
 	>
@@ -98,9 +98,9 @@
 		<signatureProperties
 			signatureAlgorithm="sha256"
 			org.apache.ws.security.crypto.merlin.keystore.type="jks"
-			org.apache.ws.security.crypto.merlin.keystore.password="LibertyX509Client"
+			org.apache.ws.security.crypto.merlin.keystore.password="${client_signature_pwd}"
 			org.apache.ws.security.crypto.merlin.keystore.alias="x509ClientDefault"
-			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/x509ClientDefault.jks" />
+			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/${client_signature_keystore}" />
 		<encryptionProperties
 			org.apache.ws.security.crypto.merlin.keystore.type="jks"
 			org.apache.ws.security.crypto.merlin.keystore.password="LibertyX509Client2"
@@ -122,9 +122,9 @@
 			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/x509ServerSecond.jks" />
 		<encryptionProperties
 			org.apache.ws.security.crypto.merlin.keystore.type="jks"
-			org.apache.ws.security.crypto.merlin.keystore.password="LibertyX509Server"
+			org.apache.ws.security.crypto.merlin.keystore.password="${provider_encryption_pwd}"
 			org.apache.ws.security.crypto.merlin.keystore.alias="x509ClientDefaultCert"
-			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/x509ServerDefault.jks" />
+			org.apache.ws.security.crypto.merlin.file="${server.config.dir}/${provider_encryption_keystore}" />
 	</wsSecurityProvider>
 
     <include location="imports/java2Permissions.xml" />