From cohei...@apache.org
Subject [cxf] 01/02: CXF-7550 - StaxActionInInterceptor can't function completely with WSS4JStaxInInterceptor
Date Wed, 08 Nov 2017 12:37:07 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit ed886f1400197ae0b432d4552eddc1844902925c
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Wed Nov 8 11:49:20 2017 +0000

    CXF-7550 - StaxActionInInterceptor can't function completely with WSS4JStaxInInterceptor
    
    (cherry picked from commit 5d7a27d87a44d3e87f97d446e14301ad0a4e457c)
    
    # Conflicts:
    #	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
    #	systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java
---
 .../ws/security/wss4j/WSS4JStaxInInterceptor.java  |  7 +-
 .../org/apache/cxf/systest/ws/fault/FaultTest.java | 84 ++++++++++++++++------
 .../apache/cxf/systest/ws/fault/DoubleItFault.wsdl |  6 ++
 .../org/apache/cxf/systest/ws/fault/client.xml     | 52 ++++++++++++++
 .../org/apache/cxf/systest/ws/fault/server.xml     | 50 +++++++++++++
 5 files changed, 170 insertions(+), 29 deletions(-)

diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index 83ff2f5..e7e2afa 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -58,10 +58,8 @@ import org.apache.wss4j.stax.setup.InboundWSSec;
 import org.apache.wss4j.stax.setup.WSSec;
 import org.apache.wss4j.stax.validate.Validator;
 import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
-import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
 
 public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
     
@@ -191,10 +189,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor
{
         final SecurityEventListener securityEventListener = new SecurityEventListener() {
             @Override
             public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException
{
-                if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.TIMESTAMP
-                    || securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignatureValue
-                    || securityEvent instanceof TokenSecurityEvent
-                    || securityEvent instanceof AbstractSecuredElementSecurityEvent) {
+                if (securityEvent.getSecurityEventType() != WSSecurityEventConstants.AlgorithmSuite)
{
                     // Store events required for the security context setup, or the crypto
coverage checker
                     incomingSecurityEventList.add(securityEvent);
                 }
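Review bot: The retained comment in registerSecurityEvent ("Store events required for the security context setup, or the crypto coverage checker") no longer matches the condition, which now stores every event except `WSSecurityEventConstants.AlgorithmSuite`. This list feeds the later security checks, so the one exclusion deserves a stated reason, for example `// Keep every event for the downstream action and coverage checks; AlgorithmSuite events are skipped because <reason>`. Moving from an allow-list to a deny-list also means any event type introduced later is stored by default, so it is worth confirming that the per-message growth of incomingSecurityEventList is acceptable for large streamed messages. The listener and its enclosing method continue outside the hunk.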
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java
index f881788..1c6ce5b 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java
@@ -99,32 +99,14 @@ public class FaultTest extends AbstractBusClientServerTestBase {
         } catch (Exception ex) {
             assertTrue(ex.getMessage().contains("This is a fault"));
         }
-        ((java.io.Closeable)utPort).close();
-        bus.shutdown(true);
-    }
-    
-    @org.junit.Test
-    public void testSoap11StAX() throws Exception {
 
-        SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = FaultTest.class.getResource("client.xml");
-
-        Bus bus = bf.createBus(busFile.toString());
-        BusFactory.setDefaultBus(bus);
-        BusFactory.setThreadDefaultBus(bus);
-
-        URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl");
-        Service service = Service.create(wsdl, SERVICE_QNAME);
-        QName portQName = new QName(NAMESPACE, "DoubleItSoap11Port");
-        DoubleItPortType utPort =
-                service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(utPort, PORT);
+        // Switch to the StAX stack
+        SecurityTestUtil.enableStreaming(utPort);
 
         // Make a successful invocation
-        SecurityTestUtil.enableStreaming(utPort);
         ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "alice");
         utPort.doubleIt(25);
-/*
+
         // Now make an invocation using another username
         ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "bob");
         ((BindingProvider)utPort).getRequestContext().put("security.password", "password");
@@ -132,9 +114,9 @@ public class FaultTest extends AbstractBusClientServerTestBase {
             utPort.doubleIt(25);
             fail("Expected failure on bob");
         } catch (Exception ex) {
-            assertTrue(ex.getMessage().contains("This is a fault"));
+            // TODO assertTrue(ex.getMessage().contains("This is a fault"));
         }
-*/
+
         ((java.io.Closeable)utPort).close();
         bus.shutdown(true);
     }
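Review bot: With the assertion reduced to `// TODO assertTrue(...)`, the catch block for the streaming invocation is empty, so the test passes on any exception. A security-processing failure on the fault response would therefore look the same as the expected application fault. Until the StAX client surfaces the fault text, a weaker check would keep the test meaningful, for example `assertTrue(ex instanceof javax.xml.ws.soap.SOAPFaultException);` if that is the type the StAX path still throws. The TODO should also say what is outstanding, e.g. `// TODO <tracking issue>: StAX client does not yet expose the fault message`. The previous hunk folds the former testSoap11StAX into this method and reuses the same utPort, so a failure in the DOM half now hides the StAX result.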
@@ -331,4 +313,60 @@ public class FaultTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)utPort).close();
         bus.shutdown(true);
     }
+
+    @org.junit.Test
+    public void testUnsecuredSoap11Action() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = FaultTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSoap11UnsecuredPort");
+        DoubleItPortType utPort =
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+
+        try {
+            utPort.doubleIt(25);
+            fail("Expected failure on bob");
+        } catch (Exception ex) {
+            assertTrue(ex.getMessage().contains("This is a fault"));
+        }
+
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+
+    @org.junit.Test
+    public void testUnsecuredSoap11ActionStAX() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = FaultTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSoap11UnsecuredPort2");
+        DoubleItPortType utPort =
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+
+        try {
+            utPort.doubleIt(25);
+            fail("Expected failure on bob");
+        } catch (Exception ex) {
+            assertTrue(ex.getMessage().contains("This is a fault"));
+        }
+
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
 }
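Review bot: Both new tests call `fail("Expected failure on bob")`, but neither sets a username and the client beans sign as alice, so the message is misleading when the test fails; `fail("Expected a fault from the service");` fits better. The two methods differ only in the port local name, so a private helper taking that name would remove the duplication. A one-line comment on each test should say what is being verified; from the configuration this appears to be that a service fault still reaches a client using action-based Signature interceptors. As in the existing tests, `close()` and `bus.shutdown(true)` are not in a finally block, so a failed assertion leaves the bus running for later tests.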
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
index 09947df..2d32ab0 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
@@ -131,6 +131,12 @@
         <wsdl:port name="DoubleItJavaFirstPort" binding="tns:DoubleItSoap11NoPolicyBinding">
             <soap12:address location="http://localhost:9009/DoubleItJavaFirst"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItSoap11UnsecuredPort" binding="tns:DoubleItSoap11NoPolicyBinding">
+            <soap:address location="http://localhost:9009/DoubleItSoap11Unsecured"/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItSoap11UnsecuredPort2" binding="tns:DoubleItSoap11NoPolicyBinding">
+            <soap:address location="http://localhost:9009/DoubleItSoap11Unsecured2"/>
+        </wsdl:port>
     </wsdl:service>
     <wsp:Policy wsu:Id="DoubleItPlaintextPolicy">
         <wsp:ExactlyOne>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
index b23a005..f15d43d 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
@@ -78,6 +78,58 @@
         </jaxws:features>
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSoap11UnsecuredPort"
createdFromAPI="true">
+        <jaxws:outInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureUser" value="alice"/>
+                        <entry key="signaturePropFile" value="alice.properties"/>
+                        <entry key="signatureKeyIdentifier" value="DirectReference"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:outInterceptors>
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureVerificationPropFile" value="alice.properties"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:inInterceptors>
+    </jaxws:client>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSoap11UnsecuredPort2"
createdFromAPI="true">
+        <jaxws:outInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureUser" value="alice"/>
+                        <entry key="signaturePropFile" value="alice.properties"/>
+                        <entry key="signatureKeyIdentifier" value="DirectReference"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:outInterceptors>
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureVerificationPropFile" value="alice.properties"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:inInterceptors>
+    </jaxws:client>
+    
     <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="SymmetricUTPolicy">
     <wsp:ExactlyOne>
         <wsp:All>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/server.xml
index 6085c50..03f7d2f 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/server.xml
@@ -62,4 +62,54 @@
             <entry key="security.signature.properties" value="bob.properties"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Soap11Unsecured"
address="http://localhost:${testutil.ports.fault.Server}/DoubleItSoap11Unsecured" serviceName="s:DoubleItService"
endpointName="s:DoubleItSoap11UnsecuredPort" implementor="org.apache.cxf.systest.ws.fault.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl">
+        <jaxws:outInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureUser" value="bob"/>
+                        <entry key="signaturePropFile" value="bob.properties"/>
+                        <entry key="signatureKeyIdentifier" value="DirectReference"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:outInterceptors>
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureVerificationPropFile" value="bob.properties"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:inInterceptors>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Soap11Unsecured2"
address="http://localhost:${testutil.ports.fault.Server}/DoubleItSoap11Unsecured2" serviceName="s:DoubleItService"
endpointName="s:DoubleItSoap11UnsecuredPort2" implementor="org.apache.cxf.systest.ws.fault.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl">
+        <jaxws:outInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureUser" value="bob"/>
+                        <entry key="signaturePropFile" value="bob.properties"/>
+                        <entry key="signatureKeyIdentifier" value="DirectReference"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:outInterceptors>
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureVerificationPropFile" value="bob.properties"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:inInterceptors>
+    </jaxws:endpoint>
 </beans>
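Review bot: The Soap11Unsecured2 endpoint uses the same DOM `WSS4JOutInterceptor`/`WSS4JInInterceptor` pair as Soap11Unsecured, so testUnsecuredSoap11ActionStAX exercises the streaming interceptors only on the client side. If server-side coverage of the changed WSS4JStaxInInterceptor is intended, this endpoint should use `WSS4JStaxInInterceptor` and `WSS4JStaxOutInterceptor`. If it is not, an XML comment should say the duplication is deliberate. Both endpoints are named "Unsecured" yet sign and verify with `action=Signature`; a short comment stating that the name refers to the absence of a WS-SecurityPolicy binding (inferred from the `DoubleItSoap11NoPolicyBinding` ports in the WSDL hunk) would avoid misreading the test's security posture.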

-- 
To stop receiving notification emails like this one, please contact
"commits@cxf.apache.org" <commits@cxf.apache.org>.
