You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/05/06 12:28:12 UTC
svn commit: r772134 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/WSUsernameTokenPrincipal.java
test/wssec/TestWSSecurityNew5.java
Author: coheigea
Date: Wed May 6 10:28:12 2009
New Revision: 772134
URL: http://svn.apache.org/viewvc?rev=772134&view=rev
Log:
[WSS-185] - Changed WSUsernameTokenPrincipal to take null usernames.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/WSUsernameTokenPrincipal.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSUsernameTokenPrincipal.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSUsernameTokenPrincipal.java?rev=772134&r1=772133&r2=772134&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSUsernameTokenPrincipal.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSUsernameTokenPrincipal.java Wed May 6 10:28:12 2009
@@ -46,35 +46,25 @@
*/
public class WSUsernameTokenPrincipal implements Principal, java.io.Serializable {
- /**
- * @serial
- */
- private String name = null;
- private String nonce = null;
- private String password = null;
- private String createdTime = null;
- private String passwordType = null;
+ private String name;
+ private String nonce;
+ private String password;
+ private String createdTime;
+ private String passwordType;
private boolean digest = false;
/**
* Create a WSUsernameTokenPrincipal with a WSUsernameToken username.
- * <p/>
*
* @param name the WSUsernameToken username for this user.
- * @throws NullPointerException if the <code>name</code>
- * is <code>null</code>.
*/
public WSUsernameTokenPrincipal(String name, boolean digest) {
- if (name == null)
- throw new NullPointerException("illegal null input");
this.name = name;
this.digest = digest;
}
/**
* Return the WSUsernameToken username for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
- * <p/>
*
* @return the WSUsernameToken username for this <code>WSUsernameTokenPrincipal</code>
*/
@@ -84,8 +74,6 @@
/**
* Return the WSUsernameToken password type for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
- * <p/>
*
* @return true if the password type was <code>PassowrdDigest</code>
*/
@@ -95,8 +83,6 @@
/**
* Set the WSUsernameToken password for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
- * <p/>
*
* @param password
*/
@@ -106,8 +92,6 @@
/**
* Return the WSUsernameToken password for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
- * <p/>
*
* @return the WSUsernameToken password for this <code>WSUsernameTokenPrincipal</code>
*/
@@ -117,8 +101,6 @@
/**
* Set the WSUsernameToken nonce for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
- * <p/>
*
* @param nonce
*/
@@ -128,8 +110,6 @@
/**
* Return the WSUsernameToken nonce for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
- * <p/>
*
* @return the WSUsernameToken nonce for this <code>WSUsernameTokenPrincipal</code>
*/
@@ -139,7 +119,6 @@
/**
* Set the WSUsernameToken created time for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
*
* @param createdTime
*/
@@ -149,7 +128,6 @@
/**
* Return the WSUsernameToken created time for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
*
* @return the WSUsernameToken created time for this <code>WSUsernameTokenPrincipal</code>
*/
@@ -159,7 +137,6 @@
/**
* Return a string representation of this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
*
* @return a string representation of this <code>WSUsernameTokenPrincipal</code>.
*/
@@ -173,19 +150,19 @@
public String getPasswordType() {
return passwordType;
}
+
/**
* @param passwordType The passwordType to set.
*/
public void setPasswordType(String passwordType) {
this.passwordType = passwordType;
}
+
/**
* Compares the specified Object with this <code>WSUsernameTokenPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>WSUsernameTokenPrincipal</code> and the two WSUsernameTokenPrincipals
* have the same username.
- * <p/>
- * <p/>
*
* @param o Object to be compared for equality with this
* <code>WSUsernameTokenPrincipal</code>.
@@ -211,12 +188,11 @@
/**
* Return a hash code for this <code>WSUsernameTokenPrincipal</code>.
- * <p/>
- * <p/>
*
* @return a hash code for this <code>WSUsernameTokenPrincipal</code>.
*/
public int hashCode() {
- return name.hashCode();
+ return this.hashCode();
}
+
}
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java?rev=772134&r1=772133&r2=772134&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java Wed May 6 10:28:12 2009
@@ -83,6 +83,22 @@
+ "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
+ "<value xmlns=\"\">15</value>" + "</add>"
+ "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>";
+ private static final String SOAPUTNOUSERMSG =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
+ + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
+ + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
+ + "<SOAP-ENV:Header>"
+ + "<wsse:Security SOAP-ENV:mustUnderstand=\"1\" "
+ + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
+ + "<wsse:UsernameToken wsu:Id=\"UsernameToken-29477163\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
+ + "<wsse:Username></wsse:Username>"
+ + "<wsse:Password></wsse:Password>"
+ + "</wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>"
+ + "<SOAP-ENV:Body>"
+ + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
+ + "<value xmlns=\"\">15</value>" + "</add>"
+ + "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
private MessageContext msgContext;
@@ -311,6 +327,25 @@
}
/**
+ * Test that adds a UserNameToken with no user (or password) to a WS-Security envelope
+ * See WSS-185 - https://issues.apache.org/jira/browse/WSS-185
+ * "NullPointerException on empty UsernameToken"
+ */
+ public void testUsernameTokenNoUser() throws Exception {
+ InputStream in = new ByteArrayInputStream(SOAPUTNOUSERMSG.getBytes());
+ Message msg = new Message(in);
+ msg.setMessageContext(msgContext);
+ SOAPEnvelope utEnvelope = msg.getSOAPEnvelope();
+ Document doc = utEnvelope.getAsDocument();
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ verify(doc);
+ }
+
+ /**
* Test that adds a UserNameToken with no password
*/
public void testUsernameTokenNoPassword() throws Exception {
@@ -556,6 +591,9 @@
) {
if ("customUser".equals(pc.getIdentifier())) {
return;
+ } else if (null == pc.getIdentifier()) {
+ // Note that this is not secure! Just doing this to test a NPE
+ return;
} else {
throw new IOException("Authentication failed");
}
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org