cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1476264 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/ sys...
Date Fri, 26 Apr 2013 16:02:10 GMT
Author: coheigea
Date: Fri Apr 26 16:02:05 2013
New Revision: 1476264

URL: http://svn.apache.org/r1476264
Log:
[CXF-4954] - CryptoCoverageChecker prevents handling of SOAPFault-Responses

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/DoubleItImpl.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java?rev=1476264&r1=1476263&r2=1476264&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
Fri Apr 26 16:02:05 2013
@@ -28,6 +28,7 @@ import java.util.List;
 import java.util.Map;
 
 import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPEnvelope;
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 import javax.xml.xpath.XPath;
@@ -80,6 +81,8 @@ public class CryptoCoverageChecker exten
      */
     protected Map<String, String> prefixMap = new HashMap<String, String>();
     
+    private boolean checkFaults = true;
+    
     /**
      * Creates a new instance.  See {@link #setPrefixes()} and {@link #setXpaths()}
      * for providing configuration options.
@@ -117,6 +120,22 @@ public class CryptoCoverageChecker exten
      *             covered by the required cryptographic operation
      */
     public void handleMessage(SoapMessage message) throws Fault {
+        if (this.xPaths == null || this.xPaths.isEmpty()) {
+            // return
+        }
+        
+        Element documentElement = null;
+        try {
+            SOAPMessage saajDoc = message.getContent(SOAPMessage.class);
+            SOAPEnvelope envelope = saajDoc.getSOAPPart().getEnvelope();
+            if (!checkFaults && envelope.getBody().hasFault()) {
+                return;
+            }
+            documentElement = envelope;
+        } catch (SOAPException e) {
+            throw new SoapFault("Error obtaining SOAP document", Fault.FAULT_CODE_CLIENT);
+        }
+        
         final Collection<WSDataRef> signed = new HashSet<WSDataRef>();
         final Collection<WSDataRef> encrypted = new HashSet<WSDataRef>();
         
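Review bot: `message.getContent(SOAPMessage.class)` is dereferenced straight away in the added try block, whereas the code this commit removes further down checked `saajDoc != null && saajDoc.getSOAPPart() != null` first, so a message without SAAJ content would now surface as a NullPointerException instead of a SoapFault; `envelope.getBody()` may likewise be null for an envelope with no Body. A fail-closed guard before the envelope lookup, for example `if (saajDoc == null || saajDoc.getSOAPPart() == null) { throw new SoapFault("Error obtaining SOAP document", Fault.FAULT_CODE_CLIENT); }`, keeps the failure inside the interceptor's fault handling. The catch also discards the SOAPException; `new SoapFault("Error obtaining SOAP document", e, Fault.FAULT_CODE_CLIENT)` would preserve the cause. handleMessage continues outside this hunk.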
@@ -160,55 +179,43 @@ public class CryptoCoverageChecker exten
         }
         
         CryptoCoverageUtil.reconcileEncryptedSignedRefs(signed, encrypted);
-        
-        if (this.xPaths != null && !this.xPaths.isEmpty()) {
-            // XPathFactory and XPath are not thread-safe so we must recreate them
-            // each request.
-            final XPathFactory factory = XPathFactory.newInstance();
-            final XPath xpath = factory.newXPath();
-            
-            if (this.prefixMap != null) {
-                xpath.setNamespaceContext(new MapNamespaceContext(this.prefixMap));
-            }
-            
-            for (XPathExpression xPathExpression : this.xPaths) {
-                Collection<WSDataRef> refsToCheck = null;
-                
-                switch (xPathExpression.getType()) {
-                case SIGNED:
-                    refsToCheck = signed;
-                    break;
-                case ENCRYPTED:
-                    refsToCheck = encrypted;
-                    break;
-                default:
-                    throw new IllegalStateException("Unexpected crypto type: " 
-                            + xPathExpression.getType());
-                }
-                        
-                try {
-                    SOAPMessage saajDoc = message.getContent(SOAPMessage.class);
-                    Element documentElement = null;
-                    if (saajDoc != null && saajDoc.getSOAPPart() != null) {
-                        documentElement = saajDoc.getSOAPPart().getEnvelope();
-                    }
-                    
-                    CryptoCoverageUtil.checkCoverage(
-                            documentElement,
-                            refsToCheck,
-                            xpath, 
-                            Arrays.asList(xPathExpression.getXPath()),
-                            xPathExpression.getType(),
-                            xPathExpression.getScope());
-                } catch (WSSecurityException e) {
-                    throw new SoapFault("No " + xPathExpression.getType()
-                            + " element found matching XPath "
-                            + xPathExpression.getXPath(), Fault.FAULT_CODE_CLIENT);
-                } catch (SOAPException e) {
-                    throw new SoapFault("No " + xPathExpression.getType()
-                            + " element found matching XPath "
-                            + xPathExpression.getXPath(), Fault.FAULT_CODE_CLIENT);
-                }
+
+        // XPathFactory and XPath are not thread-safe so we must recreate them
+        // each request.
+        final XPathFactory factory = XPathFactory.newInstance();
+        final XPath xpath = factory.newXPath();
+
+        if (this.prefixMap != null) {
+            xpath.setNamespaceContext(new MapNamespaceContext(this.prefixMap));
+        }
+
+        for (XPathExpression xPathExpression : this.xPaths) {
+            Collection<WSDataRef> refsToCheck = null;
+
+            switch (xPathExpression.getType()) {
+            case SIGNED:
+                refsToCheck = signed;
+                break;
+            case ENCRYPTED:
+                refsToCheck = encrypted;
+                break;
+            default:
+                throw new IllegalStateException("Unexpected crypto type: " 
+                    + xPathExpression.getType());
+            }
+
+            try {
+                CryptoCoverageUtil.checkCoverage(
+                                                 documentElement,
+                                                 refsToCheck,
+                                                 xpath, 
+                                                 Arrays.asList(xPathExpression.getXPath()),
+                                                 xPathExpression.getType(),
+                                                 xPathExpression.getScope());
+            } catch (WSSecurityException e) {
+                throw new SoapFault("No " + xPathExpression.getType()
+                                    + " element found matching XPath "
+                                    + xPathExpression.getXPath(), Fault.FAULT_CODE_CLIENT);
             }
         }
     }
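Review bot: The `for` loop over `this.xPaths` is no longer guarded: the `if (this.xPaths != null && !this.xPaths.isEmpty())` wrapper is removed here, and the check added at the top of handleMessage has an empty body (its `return` is commented out), so a null `xPaths` would throw a NullPointerException at the loop. If the early exit is intended, make it real with `if (this.xPaths == null || this.xPaths.isEmpty()) { return; }`; otherwise drop the empty block and keep a null check around the loop. Whether `xPaths` can actually be null depends on the setters, which are outside this hunk. The remaining catch still drops the WSSecurityException, so the SoapFault text is the only trace of why coverage failed; passing `e` as the cause would help diagnosis.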
@@ -263,6 +270,14 @@ public class CryptoCoverageChecker exten
         }
     }
 
+    public boolean isCheckFaults() {
+        return checkFaults;
+    }
+
+    public void setCheckFaults(boolean checkFaults) {
+        this.checkFaults = checkFaults;
+    }
+
     /**
      * A simple wrapper for an XPath expression and coverage type / scope
      * indicating how the XPath expression should be enforced as a cryptographic
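Review bot: `isCheckFaults()` and `setCheckFaults(boolean)`, like the `checkFaults` field added in the earlier hunk, carry no Javadoc even though the flag changes what the checker enforces: when it is false, handleMessage returns before any coverage check for every message whose Body contains a Fault. The setter's Javadoc should state the default (`true`) and that disabling it means fault messages are accepted without signature or encryption coverage, so their content has to be treated as unauthenticated by the caller. A one-line summary such as `/** Sets whether SOAP Fault messages are subject to the coverage checks (default true). */` followed by that caveat would be enough.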

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/DoubleItImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/DoubleItImpl.java?rev=1476264&r1=1476263&r2=1476264&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/DoubleItImpl.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/DoubleItImpl.java
Fri Apr 26 16:02:05 2013
@@ -31,6 +31,9 @@ import org.example.contract.doubleit.Dou
 public class DoubleItImpl implements DoubleItPortType {
     
     public int doubleIt(int numberToDouble) throws DoubleItFault {
+        if (numberToDouble == 0) {
+            throw new DoubleItFault("0 can't be doubled!");
+        }
         return numberToDouble * 2;
     }
     

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java?rev=1476264&r1=1476263&r2=1476264&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
Fri Apr 26 16:02:05 2013
@@ -430,4 +430,36 @@ public class DefaultCryptoCoverageChecke
         bus.shutdown(true);
     }
     
+    // Here the service is sending an secured message back to the client. For a server Fault

+    // message it returns the original fault, as the CryptoCoverageChecker is configured
not 
+    // to check a fault (see CXF-4954)
+    @org.junit.Test
+    public void testClientChecker() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItClientCheckerPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        port.doubleIt(25);
+        
+        // Now try with a message that will create a Fault in the SEI
+        try {
+            port.doubleIt(0);
+            fail("Failure expected on trying to double 0");
+        } catch (Exception ex) {
+            assertTrue(ex.getMessage().contains("0 can't be doubled"));
+        }
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
 }
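Review bot: testClientChecker only exercises the permissive configuration (`checkFaults` set to `false` in client.xml); nothing in this hunk shows that the same fault is still rejected when the checker runs with its default `checkFaults = true`, which is the setting that protects callers. A companion case against a client bean without the property, expecting the coverage failure, would pin that default. The `catch (Exception ex)` is also broader than needed: if the fault surfaces as `DoubleItFault`, catching that type avoids passing on an unrelated exception whose message happens to contain the same text. Cleanup (`close()` and `bus.shutdown(true)`) runs only on success, though that appears to match the existing tests in this class.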

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl?rev=1476264&r1=1476263&r2=1476264&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
Fri Apr 26 16:02:05 2013
@@ -77,6 +77,9 @@
         <wsdl:port name="DoubleItWSAPort" binding="tns:DoubleItSoapBinding">
             <soap:address location="http://localhost:9001/DoubleItWSA" />
         </wsdl:port>
+        <wsdl:port name="DoubleItClientCheckerPort" binding="tns:DoubleItSoapBinding">
+            <soap:address location="http://localhost:9001/DoubleItClientChecker" />
+        </wsdl:port>
     </wsdl:service>
     
 </wsdl:definitions>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml?rev=1476264&r1=1476263&r2=1476264&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
Fri Apr 26 16:02:05 2013
@@ -58,4 +58,23 @@
          </jaxws:features>
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItClientCheckerPort"

+                  createdFromAPI="true">
+        <jaxws:inInterceptors>
+        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+           <constructor-arg>
+            <map>
+               <entry key="action" value="Signature"/>
+               <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+               <entry key="passwordCallbackClass" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+            </map>
+           </constructor-arg>
+        </bean>
+        <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker">
+             <property name="checkFaults" value="false"/>
+        </bean>
+       </jaxws:inInterceptors>
+    </jaxws:client>
+    
 </beans>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml?rev=1476264&r1=1476263&r2=1476264&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml
Fri Apr 26 16:02:05 2013
@@ -149,5 +149,28 @@
            <wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing"/>
        </jaxws:features>
     </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="ClientChecker"
+       address="http://localhost:${testutil.ports.Server}/DoubleItClientChecker" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItClientCheckerPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl">
+       <jaxws:outInterceptors>
+         <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+           <constructor-arg>
+            <map>
+               <entry key="action" value="Signature"/>
+               <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+               <entry key="passwordCallbackClass" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+               <entry key="user" value="alice"/>
+            </map>
+           </constructor-arg>
+        </bean>
+       </jaxws:outInterceptors>
+    </jaxws:endpoint> 
    
 </beans>


