axis-java-commits mailing list archives

From veit...@apache.org
Subject svn commit: r1377230 - in /axis/axis2/java/rampart/trunk/modules/rampart-core/src: main/java/org/apache/rampart/ main/java/org/apache/rampart/util/ test/ test/java/ test/java/org/ test/java/org/apache/ test/java/org/apache/rampart/ test/java/org/apache...
Date Sat, 25 Aug 2012 07:33:19 GMT
Author: veithen
Date: Sat Aug 25 07:33:18 2012
New Revision: 1377230

URL: http://svn.apache.org/viewvc?rev=1377230&view=rev
Log:
RAMPART-358: Fixed the security fault detection code.

Added:
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java
  (with props)
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml
  (with props)
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml
  (with props)
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml
  (with props)
Modified:
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
    axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java

Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1377230&r1=1377229&r2=1377230&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
(original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
Sat Aug 25 07:33:18 2012
@@ -16,13 +16,8 @@
 
 package org.apache.rampart;
 
-import org.apache.axiom.soap.SOAP11Constants;
-import org.apache.axiom.soap.SOAP12Constants;
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axiom.soap.SOAPFault;
-import org.apache.axiom.soap.SOAPFaultCode;
-import org.apache.axiom.soap.SOAPFaultSubCode;
-import org.apache.axiom.soap.SOAPFaultValue;
 import org.apache.axiom.soap.SOAPHeader;
 import org.apache.axiom.soap.SOAPHeaderBlock;
 import org.apache.axis2.AxisFault;
@@ -290,41 +285,7 @@ public class RampartEngine {
 
 	
 	private boolean isSecurityFault(RampartMessageData rmd) {
-
-		SOAPEnvelope soapEnvelope = rmd.getMsgContext().getEnvelope();
-		SOAPFault soapFault = soapEnvelope.getBody().getFault();
-
-		// This is not a soap fault
-		if (soapFault == null) {
-			return false;
-		}
-
-		String soapVersionURI = rmd.getMsgContext().getEnvelope().getNamespace().getNamespaceURI();
-		SOAPFaultCode faultCode = soapFault.getCode();
-		if(faultCode == null){
-			//If no fault code is given, then it can't be security fault
-			return false;
-		}
-		
-		if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
-			// This is a fault processing the security header
-			if (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
-				return true;
-			}
-		} else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
-			// TODO AXIOM API returns only one fault sub code, there can be many
-			SOAPFaultSubCode faultSubCode = faultCode.getSubCode();
-			if (faultSubCode != null) {
-				SOAPFaultValue faultSubCodeValue = faultSubCode.getValue();
-
-				// This is a fault processing the security header
-				if (faultSubCodeValue != null && faultSubCodeValue.getTextAsQName().
-						getNamespaceURI().equals(WSConstants.WSSE_NS)) {
-					return true;
-				}
-			}
-		}
-
-		return false;
+		SOAPFault soapFault = rmd.getMsgContext().getEnvelope().getBody().getFault();
+		return soapFault == null ? false : RampartUtil.isSecurityFault(soapFault);
 	}
 }
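Review bot: `isSecurityFault` now returns a verdict that rests entirely on the fault code QName read from the message body, and after the rewrite the method carries no comment saying so. Its call site is outside this hunk; if the result is used there to decide whether security header processing is skipped, a comment such as `// Classification is based on unauthenticated body content; a true result says nothing about who sent the fault.` would make the trust assumption explicit. As a point of style, the ternary reads more directly as `return soapFault != null && RampartUtil.isSecurityFault(soapFault);`. The chained `getEnvelope().getBody().getFault()` still assumes a body is present, as the removed code did.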

Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=1377230&r1=1377229&r2=1377230&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
(original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Sat Aug 25 07:33:18 2012
@@ -1897,4 +1897,31 @@ public class RampartUtil {
         return SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder());
     }
 
+    /**
+     * Check if the given SOAP fault reports a security fault.
+     * 
+     * @param fault
+     *            the SOAP fault; must not be <code>null</code>
+     * @return <code>true</code> if the fault is a security fault; <code>false</code>
otherwise
+     */
+    public static boolean isSecurityFault(SOAPFault fault) {
+        String soapVersionURI = fault.getNamespaceURI();
+        SOAPFaultCode code = fault.getCode();
+        if (code == null) {
+            // If no fault code is given, then it can't be security fault
+            return false;
+        } else if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+            return isSecurityFaultCode(code);
+        } else {
+            // For SOAP 1.2 security faults, the fault code is env:Sender, and the security
fault code is
+            // specified in the subcode
+            SOAPFaultSubCode subCode = code.getSubCode();
+            return subCode == null ? false : isSecurityFaultCode(subCode);
+        }
+    }
+    
+    private static boolean isSecurityFaultCode(SOAPFaultClassifier code) {
+        QName value = code.getValueAsQName();
+        return value == null ? false : value.getNamespaceURI().equals(WSConstants.WSSE_NS);
+    }
 }
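Review bot: The SOAP 1.2 branch of `isSecurityFault` inspects only the first `Subcode`, and the removed TODO in RampartEngine that recorded this limit ("AXIOM API returns only one fault sub code, there can be many") has no counterpart in the new code. SOAP 1.2 lets subcodes nest, so a fault carrying the WSSE-namespace value one level deeper is classified as a non-security fault. If `SOAPFaultSubCode` exposes `getSubCode()` in the Axiom version in use (not visible here), walking the chain closes the gap: `for (SOAPFaultSubCode sc = code.getSubCode(); sc != null; sc = sc.getSubCode()) { if (isSecurityFaultCode(sc)) return true; }` followed by `return false;`. Otherwise keep a comment stating that only the first subcode is checked. The `else` also treats every envelope namespace other than SOAP 1.1 as SOAP 1.2, which deserves a sentence in the Javadoc.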

Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java?rev=1377230&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java
(added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java
Sat Aug 25 07:33:18 2012
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rampart.util;
+
+import junit.framework.TestCase;
+
+import org.apache.axiom.om.OMXMLBuilderFactory;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public class RampartUtilTest extends TestCase {
+    public void testIsSecurityFaultSOAP11() {
+        SOAPEnvelope env = OMXMLBuilderFactory.createSOAPModelBuilder(
+                RampartUtilTest.class.getResourceAsStream("soap11-security-fault.xml"), null).getSOAPEnvelope();
+        assertTrue(RampartUtil.isSecurityFault(env.getBody().getFault()));
+    }
+    
+    public void testIsSecurityFaultSOAP12() {
+        SOAPEnvelope env = OMXMLBuilderFactory.createSOAPModelBuilder(
+                RampartUtilTest.class.getResourceAsStream("soap12-security-fault.xml"), null).getSOAPEnvelope();
+        assertTrue(RampartUtil.isSecurityFault(env.getBody().getFault()));
+    }
+
+    public void testIsSecurityFaultSOAP11Invalid() {
+        SOAPEnvelope env = OMXMLBuilderFactory.createSOAPModelBuilder(
+                RampartUtilTest.class.getResourceAsStream("soap11-invalid-fault.xml"), null).getSOAPEnvelope();
+        assertFalse(RampartUtil.isSecurityFault(env.getBody().getFault()));
+    }
+}
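Review bot: The only negative case is the SOAP 1.1 fixture with an unparsable faultcode, so the SOAP 1.2 branch is tested for a `true` result only. A SOAP 1.2 fault with `env:Sender` and no `Subcode`, and one whose subcode value sits in a namespace other than WSSE, would pin the `subCode == null` path and the namespace comparison in `isSecurityFaultCode`. A SOAP 1.1 fault with a well-formed faultcode outside the WSSE namespace would do the same for that branch. The streams returned by `getResourceAsStream` are never closed in the three tests; closing them in a `finally` block would be tidier.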

Propchange: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml?rev=1377230&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml
(added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml
Sat Aug 25 07:33:18 2012
@@ -0,0 +1,9 @@
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+   <env:Header/>
+   <env:Body>
+      <env:Fault>
+         <faultcode>{HATA KODU:}K060</faultcode>
+         <faultstring>...</faultstring>
+      </env:Fault>
+   </env:Body>
+</env:Envelope>

Propchange: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml?rev=1377230&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml
(added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml
Sat Aug 25 07:33:18 2012
@@ -0,0 +1,10 @@
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+   <env:Header/>
+   <env:Body>
+      <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+         <faultcode>ns0:InvalidSecurity</faultcode>
+         <faultstring>InvalidSecurity : error in processing the WS-Security security
header</faultstring>
+         <faultactor/>
+      </env:Fault>
+   </env:Body>
+</env:Envelope>

Propchange: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml?rev=1377230&view=auto
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml
(added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml
Sat Aug 25 07:33:18 2012
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
+    <soapenv:Body>
+        <soapenv:Fault>
+            <soapenv:Code>
+                <soapenv:Value>soapenv:Sender</soapenv:Value>
+                <soapenv:Subcode>
+                    <soapenv:Value xmlns:axis2ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">axis2ns1:FailedAuthentication</soapenv:Value>
+                </soapenv:Subcode>
+            </soapenv:Code>
+            <soapenv:Reason>
+                <soapenv:Text>CWWSS6521E: The Login failed because of an exception:
javax.security.auth.login.LoginException: CWWSS7062E: Failed to check username [user1] and
password in the UserRegsitry: WSSUserRegistryProcessor.checkRegistry()=false</soapenv:Text>
+            </soapenv:Reason>
+            <soapenv:Detail></soapenv:Detail>
+        </soapenv:Fault>
+    </soapenv:Body>
+</soapenv:Envelope>
\ No newline at end of file

Propchange: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml
------------------------------------------------------------------------------
    svn:eol-style = native


