cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [cxf] 01/02: Adding a JWS test for NONE signature algorithm
Date Tue, 14 Nov 2017 17:04:42 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 0b41912ef154373c900e1932a86d827a8f5e6963
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Tue Nov 14 16:39:06 2017 +0000

    Adding a JWS test for NONE signature algorithm
---
 .../security/jose/jwejws/JweJwsAlgorithmTest.java  | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
index 709f3b0..876c784 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
@@ -33,6 +33,7 @@ import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
 import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;
 import org.apache.cxf.systest.jaxrs.security.Book;
 import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -505,4 +506,32 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase
{
         assertNotEquals(response.getStatus(), 200);
     }
 
+    @org.junit.Test
+    public void testUnsignedTokenFailure() throws Exception {
+
+        URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+        List<Object> providers = new ArrayList<>();
+        providers.add(new JacksonJsonProvider());
+        JwsWriterInterceptor writerInterceptor = new JwsWriterInterceptor();
+        writerInterceptor.setSignatureProvider(new NoneJwsSignatureProvider());
+        providers.add(writerInterceptor);
+
+        String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+        WebClient client =
+            WebClient.create(address, providers, busFile.toString());
+        client.type("application/json").accept("application/json");
+
+        Map<String, Object> properties = new HashMap<>();
+        properties.put("rs.security.keystore.type", "jwk");
+        properties.put("rs.security.keystore.alias", "2011-04-29");
+        properties.put("rs.security.keystore.file",
+                       "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+        properties.put("rs.security.signature.algorithm", "none");
+        WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+        Response response = client.post(new Book("book", 123L));
+        assertNotEquals(response.getStatus(), 200);
+    }
+
 }

-- 
To stop receiving notification emails like this one, please contact
"commits@cxf.apache.org" <commits@cxf.apache.org>.

Mime
View raw message