Posted to dev@cxf.apache.org by Glen Mazza <gl...@verizon.net> on 2007/10/06 01:01:35 UTC

Re: svn commit: r582385 - in /incubator/cxf/trunk: common/common/src/main/java/org/apache/cxf/helpers/ rt/core/src/main/java/org/apache/cxf/transport/http/ systests/src/test/java/org/apache/cxf/systest/http_jetty/ systests/src/test/java/org/apache/cxf/syst...

On Friday, 05.10.2007, at 20:57 +0000, dkulp@apache.org wrote:

> Author: dkulp
> Date: Fri Oct  5 13:57:29 2007
> New Revision: 582385
> 
> Modified: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxws/OASISCatalogTest.java
> URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxws/OASISCatalogTest.java?rev=582385&r1=582384&r2=582385&view=diff
> ==============================================================================
> --- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxws/OASISCatalogTest.java (original)
> +++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxws/OASISCatalogTest.java Fri Oct  5 13:57:29 2007
> @@ -19,20 +19,24 @@
>  
>  
> +    @Test
> +    public void testWSDLPublishWithCatalogs() throws Exception {
> +        Endpoint ep = Endpoint.publish(null, new GreeterImpl());
> +        try {
> +            URL url = new URL("http://localhost:9000/SoapContext/SoapPort?"
> +                              + "xsd=testutils/hello_world_schema2.xsd");
> +            assertNotNull(url.getContent());
> +            
> +            
> +            url = new URL("http://localhost:9000/SoapContext/SoapPort"
> +                          + "?xsd=testutils/hello_world_schema.xsd");

I'm not sure what the code is doing here--but could this be a security
bug?  Are you saying, just by typing in a network path
("testutils/..."), the user can download any xsd file from the server?
Certain directories, such as within the WEB-INF directory of a WAR file,
are not supposed to be directly callable externally.  I don't know how
relevant that concern might be here though.

> +            String result = IOUtils.toString((InputStream)url.getContent());
> +            assertTrue(result.contains("xsd=testutils/hello_world_schema2.xsd"));

testutils/hello_world_schema.xsd?  (unsure what is happening here)

> +
> +            url = new
> URL("http://localhost:9000/SoapContext/SoapPort"
> +                          +
> "?wsdl=testutils/hello_world_messages_catalog.wsdl");
> +            result = IOUtils.toString((InputStream)url.getContent());
> +
> +assertTrue(result.contains("xsd=testutils/hello_world_schema.xsd"));
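
Review bot: every request in testWSDLPublishWithCatalogs uses an `?xsd=` or `?wsdl=` value that is expected to resolve (`testutils/hello_world_schema2.xsd`, `testutils/hello_world_schema.xsd`, `testutils/hello_world_messages_catalog.wsdl`), so nothing here pins down what the endpoint returns for a value that is not one of the service's imports. Add a request for such a value and assert that no document comes back, which turns the file-exposure question into a regression test. The first `assertTrue` also fetches `hello_world_schema.xsd` and then looks for `xsd=testutils/hello_world_schema2.xsd` in the body; a one-line comment saying what that string in the response represents would stop it reading like a typo.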

testutils/hello_world_messages_catalog.wsdl?


> Added: incubator/cxf/trunk/testutils/src/main/resources/wsdl/hello_world_wsdl_import_catalog.wsdl
> URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/testutils/src/main/resources/wsdl/hello_world_wsdl_import_catalog.wsdl?rev=582385&view=auto
> ==============================================================================
> --- incubator/cxf/trunk/testutils/src/main/resources/wsdl/hello_world_wsdl_import_catalog.wsdl (added)
> +++ incubator/cxf/trunk/testutils/src/main/resources/wsdl/hello_world_wsdl_import_catalog.wsdl Fri Oct  5 13:57:29 2007
> @@ -0,0 +1,50 @@
> +<?xml version="1.0" encoding="UTF-8"?>
> +<!--
> +-->
> +<wsdl:definitions name="HelloWorldImport"
> +    xmlns="http://schemas.xmlsoap.org/wsdl/"
> +    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> +    xmlns:tns="http://apache.org/hello_world"
> +    xmlns:x1="http://apache.org/hello_world/messages"
> +    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
> +    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> +    targetNamespace="http://apache.org/hello_world">
> +
> +    <wsdl:import
> +        namespace="http://apache.org/hello_world/messages"
> +        location="testutils/hello_world_messages_catalog.wsdl"/>
> +
> +    <wsdl:portType name="Greeter">
> +        <wsdl:operation name="sayHi">
> +            <wsdl:input message="x1:sayHiRequest" name="sayHiRequest"/>
> +            <wsdl:output message="x1:sayHiResponse" name="sayHiResponse"/>
> +        </wsdl:operation>
> +
> +        <wsdl:operation name="greetMe">
> +            <wsdl:input message="x1:greetMeRequest" name="greetMeRequest"/>
> +            <wsdl:output message="x1:greetMeResponse" name="greetMeResponse"/>
> +        </wsdl:operation>
> +
> +        <wsdl:operation name="pingMe">
> +            <wsdl:input name="pingMeRequest" message="x1:pingMeRequest"/>
> +            <wsdl:output name="pingMeResponse" message="x1:pingMeResponse"/>
> +            <wsdl:fault name="pingMeFault" message="x1:pingMeFault"/>
> +        </wsdl:operation>
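
Review bot: the `location` on the `wsdl:import` is `testutils/hello_world_messages_catalog.wsdl`, which does not look like a path relative to this file, and the comment block at the top of the file is empty, so a reader gets no hint that loading this WSDL depends on a catalog entry for that value. Use that comment to name the catalog file that maps it.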

I'm not sure why we need to have the "name" attribute added to the
wsdl:input and wsdl:output of these operations.  Since you're just
restating their default values[1] anyway, it seems distracting to be
including them here.  Apparently only the wsdl:faults need an explicit
name.

[1] http://www.w3.org/TR/wsdl#_names

Regards,
Glen




Re: svn commit: r582385 - in /incubator/cxf/trunk: common/common/src/main/java/org/apache/cxf/helpers/ rt/core/src/main/java/org/apache/cxf/transport/http/ systests/src/test/java/org/apache/cxf/systest/http_jetty/ systests/src/test/java/org/apache/cxf/syst...

Posted by Daniel Kulp <dk...@apache.org>.
On Linux, that wss4j.RoundTripTest and the SequenceTest in systests seem 
to fail occasionally and randomly.   I haven't had a chance to try and 
figure out why.  Usually, just re-running mvn install seems to work fine 
for me.   I'd be OK with putting an @Ignore on it (with a note saying it 
randomly fails) for now.

Dan


On Saturday 06 October 2007, Glen Mazza wrote:
> On Friday, 05.10.2007, at 20:31 -0400, Daniel Kulp wrote:
> > > I'm not sure why we need to have the "name" attribute added to the
> > > wsdl:input and wsdl:output of these operations.  Since you're just
> > > restating their default values[1] anyway, it seems distracting to
> > > be including them here.  Apparently only the wsdl:faults need an
> > > explicit name.
> >
> > Probably right.   I just took a bunch of wsdl's in the testutils,
> > copied them, and changed them from using relative imports to using
> > catalogs. Other than the imports, I left the rest alone.    Feel
> > free to fix them since you have the Karma.  :-)
>
> I'm trying to...BTW, if I do a complete checkout, and type "mvn
> install" in the trunk directory, I should *not* see any test failures,
> correct? I'm getting this error:
>
> -------------------------------------------------------
> T E S T S
> -------------------------------------------------------
> Running org.apache.cxf.ws.security.wss4j.RoundTripTest
> Tests run: 3, Failures: 1, Errors: 0, Skipped: 1, Time elapsed: 10.433
> sec <<< FAILURE!
> testUsernameToken(org.apache.cxf.ws.security.wss4j.RoundTripTest) 
> Time elapsed: 3.499 sec  <<< FAILURE!
> java.lang.AssertionError: expected:<test> but was:<null>
>         at org.junit.Assert.fail(Assert.java:71)
>         at org.junit.Assert.failNotEquals(Assert.java:451)
>         at org.junit.Assert.assertEquals(Assert.java:99)
>         at org.junit.Assert.assertEquals(Assert.java:116)
>         at
> org.apache.cxf.ws.security.wss4j.RoundTripTest.testUsernameToken(Round
>TripTest.java:110)
>
> I don't know how normal it is for test failures to occur from
> trunk--or whether we should commit things if we are getting such
> failures locally.
>
> Thanks,
> Glen
>
> > Thanks!



-- 
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727    C: 508-380-7194
daniel.kulp@iona.com
http://www.dankulp.com/blog

Re: svn commit: r582385 - in /incubator/cxf/trunk: common/common/src/main/java/org/apache/cxf/helpers/ rt/core/src/main/java/org/apache/cxf/transport/http/ systests/src/test/java/org/apache/cxf/systest/http_jetty/ systests/src/test/java/org/apache/cxf/syst...

Posted by Glen Mazza <gl...@verizon.net>.
On Friday, 05.10.2007, at 20:31 -0400, Daniel Kulp wrote:
> > I'm not sure why we need to have the "name" attribute added to the 
> > wsdl:input and wsdl:output of these operations.  Since you're just
> > restating their default values[1] anyway, it seems distracting to be
> > including them here.  Apparently only the wsdl:faults need an explicit
> > name.
> 
> Probably right.   I just took a bunch of wsdl's in the testutils, copied 
> them, and changed them from using relative imports to using catalogs.  
> Other than the imports, I left the rest alone.    Feel free to fix them 
> since you have the Karma.  :-)
> 

I'm trying to...BTW, if I do a complete checkout, and type "mvn install"
in the trunk directory, I should *not* see any test failures, correct?
I'm getting this error:

-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running org.apache.cxf.ws.security.wss4j.RoundTripTest
Tests run: 3, Failures: 1, Errors: 0, Skipped: 1, Time elapsed: 10.433
sec <<< FAILURE!
testUsernameToken(org.apache.cxf.ws.security.wss4j.RoundTripTest)  Time
elapsed: 3.499 sec  <<< FAILURE!
java.lang.AssertionError: expected:<test> but was:<null>
        at org.junit.Assert.fail(Assert.java:71)
        at org.junit.Assert.failNotEquals(Assert.java:451)
        at org.junit.Assert.assertEquals(Assert.java:99)
        at org.junit.Assert.assertEquals(Assert.java:116)
        at
org.apache.cxf.ws.security.wss4j.RoundTripTest.testUsernameToken(RoundTripTest.java:110)

I don't know how normal it is for test failures to occur from trunk--or
whether we should commit things if we are getting such failures locally.

Thanks,
Glen


> Thanks!


Re: svn commit: r582385 - in /incubator/cxf/trunk: common/common/src/main/java/org/apache/cxf/helpers/ rt/core/src/main/java/org/apache/cxf/transport/http/ systests/src/test/java/org/apache/cxf/systest/http_jetty/ systests/src/test/java/org/apache/cxf/syst...

Posted by Daniel Kulp <dk...@apache.org>.
On Friday 05 October 2007, Glen Mazza wrote:
> > +    @Test
> > +    public void testWSDLPublishWithCatalogs() throws Exception {
> > +        Endpoint ep = Endpoint.publish(null, new GreeterImpl());
> > +        try {
> > +            URL url = new
> > URL("http://localhost:9000/SoapContext/SoapPort?" +                 
> >             + "xsd=testutils/hello_world_schema2.xsd"); +           
> > assertNotNull(url.getContent());
> > +
> > +
> > +            url = new
> > URL("http://localhost:9000/SoapContext/SoapPort" +                  
> >        + "?xsd=testutils/hello_world_schema.xsd");
>
> I'm not sure what the code is doing here--but could this be a security
> bug?  Are you saying, just by typing in a network path
> ("testutils/..."), the user can download any xsd file from the server?
> Certain directories, such as within the WEB-INF directory of a WAR
> file, are not supposed to be directly callable externally.  I don't
> know how relevant that concern might be here though.

Shouldn't be an issue.   The first time a ?wsdl or ?xsd file is requested 
from the service, it resolves all the imports and creates a Map of 
original URL -> wsdl/schema.   If the requested wsdl/xsd is not in the 
map, it doesn't return anything.   It doesn't try to resolve anything 
outside the imports specified in the wsdl/schemas.

> > +            String result =
> > IOUtils.toString((InputStream)url.getContent()); +           
> > assertTrue(result.contains("xsd=testutils/hello_world_schema2.xsd"))
> >;
>
> testutils/hello_world_schema.xsd?  (unsure what is happening here)

If you look in testutils/src/main/resources/wsdl, I added a bunch of 
wsdls and schemas that use catalog entries (testutils/xxxxxxx.wsdl) 
instead of relative paths for all the imports.   What I'm testing is to 
make sure that all the imports that are handled by catalogs get properly 
replaced.   If you look at hello_world_schema.xsd in testutils, it has 
an import for "testutils/hello_world_schema2.xsd".   I'm making sure 
that we properly detected that it was handled by a catalog and then 
replaced with a resolvable URL.


> > +            url = new
> > URL("http://localhost:9000/SoapContext/SoapPort"
> > +                          +
> > "?wsdl=testutils/hello_world_messages_catalog.wsdl");
> > +            result =
> > IOUtils.toString((InputStream)url.getContent()); +
> > +assertTrue(result.contains("xsd=testutils/hello_world_schema.xsd"))
> >;
>
> testutils/hello_world_messages_catalog.wsdl?

Same as above.   It imports the schema via a catalog.



> > +        <wsdl:operation name="pingMe">
> > +            <wsdl:input name="pingMeRequest"
> > message="x1:pingMeRequest"/> +            <wsdl:output
> > name="pingMeResponse" message="x1:pingMeResponse"/> +           
> > <wsdl:fault name="pingMeFault" message="x1:pingMeFault"/> +       
> > </wsdl:operation>
>
> I'm not sure why we need to have the "name" attribute added to the
> wsdl:input and wsdl:output of these operations.  Since you're just
> restating their default values[1] anyway, it seems distracting to be
> including them here.  Apparently only the wsdl:faults need an explicit
> name.

Probably right.   I just took a bunch of wsdl's in the testutils, copied 
them, and changed them from using relative imports to using catalogs.  
Other than the imports, I left the rest alone.    Feel free to fix them 
since you have the Karma.  :-)

Thanks!
-- 
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727    C: 508-380-7194
daniel.kulp@iona.com
http://www.dankulp.com/blog
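
The lookup Daniel describes above (resolve the imports once, keep a map from original location to document, return nothing for any other value), sketched as an added example that is not CXF's code and not part of the original thread. The class, method and document names are hypothetical, and the documents are constructed samples held in memory.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not CXF code: all class, method and document names below are hypothetical.
public class ImportIndexDemo {
    private static final Pattern IMPORT_LOCATION =
        Pattern.compile("(?:schemaLocation|location)=\"([^\"]+)\"");

    // Location as written in an import -> document body; filled once from the root document.
    private final Map<String, String> served = new HashMap<>();

    ImportIndexDemo(String rootDocument, Map<String, String> store) {
        collect(rootDocument, store);
    }

    // Follow import locations transitively; only documents reached this way become servable.
    private void collect(String document, Map<String, String> store) {
        Matcher m = IMPORT_LOCATION.matcher(document);
        while (m.find()) {
            String location = m.group(1);
            String body = store.get(location);
            // putIfAbsent returns null only on first insertion, which also stops import cycles.
            if (body != null && served.putIfAbsent(location, body) == null) {
                collect(body, store);
            }
        }
    }

    // The request value is only ever a map key, never a file path or URL to open.
    Optional<String> lookup(String requested) {
        return Optional.ofNullable(requested).map(served::get);
    }

    public static void main(String[] args) {
        // Constructed sample documents standing in for files on the server.
        Map<String, String> store = new HashMap<>();
        store.put("testutils/hello_world_schema.xsd",
            "<xsd:import schemaLocation=\"testutils/hello_world_schema2.xsd\"/>");
        store.put("testutils/hello_world_schema2.xsd", "<xsd:schema/>");
        store.put("WEB-INF/private.xsd", "<xsd:schema/>"); // present in the store, never imported
        String root = "<wsdl:import location=\"testutils/hello_world_schema.xsd\"/>";

        ImportIndexDemo index = new ImportIndexDemo(root, store);
        for (String q : new String[] {"testutils/hello_world_schema2.xsd",
                                      "WEB-INF/private.xsd",
                                      "testutils/../WEB-INF/private.xsd"}) {
            System.out.println(q + " -> " + (index.lookup(q).isPresent() ? "served" : "nothing"));
        }
    }
}
```

Because the request string is compared against the recorded import locations and never resolved as a path, a document that exists on the server but is not reachable through the service's imports is not returned, whatever form the request takes.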