Return-Path: <commits-return-45746-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id A47E6200C46
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed, 29 Mar 2017 13:00:06 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id A2CE0160B8A; Wed, 29 Mar 2017 11:00:06 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id EAB9D160B7C
	for <archive-asf-public@cust-asf.ponee.io>; Wed, 29 Mar 2017 13:00:05 +0200 (CEST)
Received: (qmail 48080 invoked by uid 500); 29 Mar 2017 11:00:05 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 48066 invoked by uid 99); 29 Mar 2017 11:00:05 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Mar 2017 11:00:04 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id BD28CDFE34; Wed, 29 Mar 2017 11:00:04 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: coheigea@apache.org
To: commits@cxf.apache.org
Message-Id: <dcd56ccbc54449e4bb8a087ecd0c1899@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: cxf git commit: Add another test to check that an exception is thrown
 if a service response is not signed
Date: Wed, 29 Mar 2017 11:00:04 +0000 (UTC)
archived-at: Wed, 29 Mar 2017 11:00:06 -0000

Repository: cxf
Updated Branches:
  refs/heads/master be2bf8d64 -> da23fad19


Add another test to check that an exception is thrown if a service response is not signed


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/da23fad1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/da23fad1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/da23fad1

Branch: refs/heads/master
Commit: da23fad198105185329dccef088267b9fc27c8b8
Parents: be2bf8d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Mar 29 11:51:53 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Mar 29 11:53:21 2017 +0100

----------------------------------------------------------------------
 .../jaxrs/security/xml/JAXRSXmlSecTest.java     | 49 ++++++++++++++++++++
 .../cxf/systest/jaxrs/security/xml/server.xml   | 13 ++++++
 2 files changed, 62 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/da23fad1/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 1166daa..29d1cc5 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -397,6 +397,55 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
     }
 
     @Test
+    public void testUnsignedServerResponse() throws Exception {
+        if (STAX_PORT.equals(test.port)) {
+            // We are only testing the client here
+            return;
+        }
+        String address = "https://localhost:" + test.port + "/xmlnosigresponse/bookstore/books";
+
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress(address);
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+
+        Map<String, Object> properties = new HashMap<>();
+        properties.put(SecurityConstants.CALLBACK_HANDLER,
+                       "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+        properties.put(SecurityConstants.SIGNATURE_USERNAME, "alice");
+        properties.put(SecurityConstants.SIGNATURE_PROPERTIES,
+                       "org/apache/cxf/systest/jaxrs/security/alice.properties");
+        bean.setProperties(properties);
+        if (test.streaming) {
+            XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
+            sigOutInterceptor.setSignRequest(true);
+            bean.getOutInterceptors().add(sigOutInterceptor);
+
+            XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
+            sigInInterceptor.setRequireSignature(true);
+            bean.setProvider(sigInInterceptor);
+        } else {
+            XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
+            bean.getOutInterceptors().add(sigOutInterceptor);
+
+            XmlSigInInterceptor sigInInterceptor = new XmlSigInInterceptor();
+            bean.getInInterceptors().add(sigInInterceptor);
+        }
+
+        WebClient wc = bean.createWebClient();
+        WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
+        try {
+            wc.post(new Book("CXF", 126L), Book.class);
+            fail("Failure expected on an unsigned response message");
+        } catch (ProcessingException ex) {
+            assertTrue(ex.getCause() instanceof BadRequestException);
+        }
+    }
+
+    @Test
     public void testPostBookWithEnvelopedSigKeyName() throws Exception {
         // This test only applies to StAX - see CXF-7084
         if (!test.streaming || !STAX_PORT.equals(test.port)) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/da23fad1/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
index 5e10787..63c5551 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
@@ -128,6 +128,19 @@ under the License.
         </jaxrs:properties>
     </jaxrs:server>
     
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlnosigresponse">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="xmlSigInHandler"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
+    
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsigconstraints">
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>