From cohei...@apache.org
Subject svn commit: r1558861 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ systests/ws-securit...
Date Thu, 16 Jan 2014 17:34:30 GMT
Author: coheigea
Date: Thu Jan 16 17:34:30 2014
New Revision: 1558861

URL: http://svn.apache.org/r1558861
Log:
Standardizing security error messages

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1558861&r1=1558860&r2=1558861&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Thu Jan 16 17:34:30 2014
@@ -802,10 +802,14 @@ public class WSS4JInInterceptor extends 
     createSoapFault(SoapVersion version, WSSecurityException e) {
         SoapFault fault;
         javax.xml.namespace.QName faultCode = e.getFaultCode();
+        String errorMessage = WSS4JUtils.mapFaultCodeToMessage(faultCode);
+        if (errorMessage == null) {
+            errorMessage = e.getMessage();
+        }
         if (version.getVersion() == 1.1 && faultCode != null) {
-            fault = new SoapFault(e.getMessage(), e, faultCode);
+            fault = new SoapFault(errorMessage, e, faultCode);
         } else {
-            fault = new SoapFault(e.getMessage(), e, version.getSender());
+            fault = new SoapFault(errorMessage, e, version.getSender());
             if (version.getVersion() != 1.1 && faultCode != null) {
                 fault.setSubCode(faultCode);
             }
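Review bot: The fallback `errorMessage = e.getMessage();` near the top of createSoapFault still returns the raw WSS4J exception text to the caller whenever the fault code is null or is not one of the eight mapped codes, so the standardization is only partial. A generic default such as `errorMessage = WSS4JUtils.INVALID_SECURITY_ERR;` would keep remote callers from telling failure causes apart, with the detailed `e.getMessage()` logged on the server so operators keep it. The exception `e` is still passed to SoapFault as the cause; whether its message or stack trace can reach the client depends on fault settings not visible in this hunk. The method starts before the hunk and continues past it.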

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java?rev=1558861&r1=1558860&r2=1558861&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
Thu Jan 16 17:34:30 2014
@@ -24,6 +24,7 @@ import java.security.Key;
 import java.util.Date;
 
 import javax.crypto.SecretKey;
+import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -40,6 +41,7 @@ import org.apache.cxf.ws.security.tokens
 import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.cache.ReplayCacheFactory;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -49,6 +51,21 @@ import org.apache.xml.security.exception
  * UsernameTokenInterceptor.
  */
 public final class WSS4JUtils {
+    
+    // FAULT error messages
+    public static final String UNSUPPORTED_TOKEN_ERR = "An unsupported token was provided";
+    public static final String UNSUPPORTED_ALGORITHM_ERR = 
+        "An unsupported signature or encryption algorithm was used";
+    public static final String INVALID_SECURITY_ERR = 
+        "An error was discovered processing the <wsse:Security> header.";
+    public static final String INVALID_SECURITY_TOKEN_ERR = 
+        "An invalid security token was provided";
+    public static final String FAILED_AUTHENTICATION_ERR = 
+        "The security token could not be authenticated or authorized";
+    public static final String FAILED_CHECK_ERR = "The signature or decryption was invalid";
+    public static final String SECURITY_TOKEN_UNAVAILABLE_ERR = 
+        "Referenced security token could not be retrieved";
+    public static final String MESSAGE_EXPIRED_ERR = "The message has expired";
 
     private WSS4JUtils() {
         // complete
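Review bot: The comment `// FAULT error messages` above the new constants does not record that these strings are what remote callers now receive in place of the exception text, or that the tests in this commit match on them. Something like `// Fault strings returned to the caller instead of the WSS4J exception message; keep them free of implementation detail.` would state the intent for the next maintainer. INVALID_SECURITY_ERR is the only constant ending in a period; if that mirrors the WS-Security specification wording it is worth saying so, otherwise the period should go for consistency. The class body continues outside the hunk.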
@@ -213,4 +230,29 @@ public final class WSS4JUtils {
 
     }
 
+    /**
+     * Map a standard FaultCode QName to a standard error String
+     */
+    public static String mapFaultCodeToMessage(QName faultCode) {
+        String errorMessage = null;
+        if (WSConstants.UNSUPPORTED_SECURITY_TOKEN.equals(faultCode)) {
+            errorMessage = UNSUPPORTED_TOKEN_ERR;
+        } else if (WSConstants.UNSUPPORTED_ALGORITHM.equals(faultCode)) {
+            errorMessage = UNSUPPORTED_ALGORITHM_ERR;
+        } else if (WSConstants.INVALID_SECURITY.equals(faultCode)) {
+            errorMessage = INVALID_SECURITY_ERR;
+        } else if (WSConstants.INVALID_SECURITY_TOKEN.equals(faultCode)) {
+            errorMessage = INVALID_SECURITY_TOKEN_ERR;
+        } else if (WSConstants.FAILED_AUTHENTICATION.equals(faultCode)) {
+            errorMessage = FAILED_AUTHENTICATION_ERR;
+        } else if (WSConstants.FAILED_CHECK.equals(faultCode)) {
+            errorMessage = FAILED_CHECK_ERR;
+        } else if (WSConstants.SECURITY_TOKEN_UNAVAILABLE.equals(faultCode)) {
+            errorMessage = SECURITY_TOKEN_UNAVAILABLE_ERR;
+        } else if (WSConstants.MESSAGE_EXPIRED.equals(faultCode)) {
+            errorMessage = MESSAGE_EXPIRED_ERR;
+        }
+        return errorMessage;
+        
+    }
 }
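Review bot: The Javadoc on mapFaultCodeToMessage does not mention that the method returns null for a null or unmapped fault code, although the caller in WSS4JInInterceptor depends on exactly that to choose its fallback. A caller that skips the null check would build a fault with no reason text, so the contract belongs in the doc: `@param faultCode the fault code from the WSSecurityException, may be null` and `@return the standard fault string, or null if faultCode is null or not one of the mapped codes`.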

Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java?rev=1558861&r1=1558860&r2=1558861&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java
(original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java
Thu Jan 16 17:34:30 2014
@@ -170,8 +170,7 @@ public class WSS4JFaultCodeTest extends 
             inHandler.handleMessage(inmsg);
             fail("Expected failure on an invalid Timestamp");
         } catch (SoapFault fault) {
-            assertTrue(fault.getReason().contains(
-                " The security semantics of the message have expired"));
+            assertTrue(fault.getReason().contains("The message has expired"));
             QName faultCode = new QName(WSConstants.WSSE_NS, "MessageExpired");
             assertTrue(fault.getFaultCode().equals(faultCode));
         }
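Review bot: The assertion `fault.getReason().contains("The message has expired")` repeats the literal instead of using `WSS4JUtils.MESSAGE_EXPIRED_ERR`, and `contains` would still pass if extra exception detail were appended to the reason. If the reason is expected to be exactly the standard string, `assertEquals(WSS4JUtils.MESSAGE_EXPIRED_ERR, fault.getReason());` would pin that and fail on any leaked detail. The same literal duplication appears in the ActionTest, SamlTokenTest, SecurityPolicyTest, UsernameTokenTest and X509TokenTest hunks, where the constants could be referenced if the systests module can see WSS4JUtils. The test method starts before this hunk.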

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java?rev=1558861&r1=1558860&r2=1558861&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
Thu Jan 16 17:34:30 2014
@@ -150,7 +150,7 @@ public class ActionTest extends Abstract
             port.doubleIt(25);
             fail("Failure expected on a replayed UsernameToken");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "A replay attack has been detected";
+            String error = "An error was discovered processing the <wsse:Security>
header.";
             assertTrue(ex.getMessage().contains(error));
         }
         
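Review bot: The replay assertion now matches only the generic `<wsse:Security>` header message, so this test passes on any header-processing failure and no longer shows that the rejection came from replay detection. The same applies to the second ActionTest hunk and to the replay cases in the SamlTokenTest, UsernameTokenTest and X509TokenTest hunks. Since the fault string is generic by design, the test should say what still ties the failure to the replay, for example `// Generic fault by design; the identical request succeeded on the first invocation, so this failure is the replay check.`, assuming the earlier call (outside the hunk) does succeed. The test method starts before the hunk and continues past it.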
@@ -212,7 +212,7 @@ public class ActionTest extends Abstract
             port.doubleIt(25);
             fail("Failure expected on a replayed Timestamp");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "A replay attack has been detected";
+            String error = "An error was discovered processing the <wsse:Security>
header.";
             assertTrue(ex.getMessage().contains(error));
         }
         

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1558861&r1=1558860&r2=1558861&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
Thu Jan 16 17:34:30 2014
@@ -953,8 +953,9 @@ public class SamlTokenTest extends Abstr
             saml2Port.doubleIt(25);
             fail("Failure expected on a replayed SAML Assertion");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "A replay attack has been detected";
-            assertTrue(ex.getMessage().contains(error));
+            String error = "An error was discovered processing the <wsse:Security>
header.";
+            assertTrue(ex.getMessage().contains(error)
+                       || ex.getMessage().contains("A replay attack has been detected"));
         }
         
         ((java.io.Closeable)saml2Port).close();
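Review bot: The added alternative `|| ex.getMessage().contains("A replay attack has been detected")` keeps the old detailed message acceptable, so this test cannot tell whether the SAML replay path returns the standardized string. Presumably one inbound code path is not yet mapped; if so, a marker such as `// TODO: drop the legacy message once every inbound path returns the standard fault string` would stop the exception from becoming permanent. The SecurityPolicyTest hunk likewise adds the standardized string as one more alternative alongside the detailed certificate-validation messages. The test method starts before the hunk.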

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=1558861&r1=1558860&r2=1558861&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Thu Jan 16 17:34:30 2014
@@ -656,7 +656,9 @@ public class SecurityPolicyTest extends 
             // Different errors using different JDKs...
             assertTrue(errorMessage.contains("Certificate has been revoked")
                        || errorMessage.contains("Certificate revocation")
-                       || errorMessage.contains("Error during certificate path validation"));
+                       || errorMessage.contains("Error during certificate path validation")
+                       || errorMessage.contains(
+                           "The security token could not be authenticated or authorized"));
         }
         
         // TODO See WSS-464

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?rev=1558861&r1=1558860&r2=1558861&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
Thu Jan 16 17:34:30 2014
@@ -369,10 +369,9 @@ public class UsernameTokenTest extends A
                 utPort.doubleIt(25);
                 fail("Failure expected on a replayed UsernameToken");
             } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-                String error = "A replay attack has been detected";
-                assertTrue(ex.getMessage().contains(error)
-                           || ex.getMessage().contains(
-                               "The security token could not be authenticated or authorized"));
+                String error = "An error was discovered processing the <wsse:Security>
header.";
+                String error2 = "The security token could not be authenticated or authorized";
+                assertTrue(ex.getMessage().contains(error) || ex.getMessage().contains(error2));
             }
         }
         

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1558861&r1=1558860&r2=1558861&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
Thu Jan 16 17:34:30 2014
@@ -925,7 +925,7 @@ public class X509TokenTest extends Abstr
             x509Port.doubleIt(25);
             fail("Failure expected on a replayed Timestamp");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "A replay attack has been detected";
+            String error = "An error was discovered processing the <wsse:Security>
header.";
             assertTrue(ex.getMessage().contains(error)
                        || ex.getMessage().contains("The message has expired"));
         }


