You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2020/03/24 08:26:56 UTC
[cxf] 01/05: Adding an @Ignored test for RPC-Literal issue
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 387135f0d9c045f3d335d3afc46f71a88e80fe68
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Mar 23 10:42:06 2020 +0000
Adding an @Ignored test for RPC-Literal issue
(cherry picked from commit 794949ee3f5040cb4b9c14e64b48d6ea70aff150)
---
.../systest/soap/RPCLitSoapActionGreeterImpl.java | 16 +--
.../apache/cxf/systest/soap/SoapActionTest.java | 16 +--
.../wsdl/hello_world_soap_action_rpc.wsdl | 117 +++++++++++++++++++++
3 files changed, 134 insertions(+), 15 deletions(-)
diff --git a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java
index 04a79f8..28dfe55 100644
--- a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java
+++ b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java
@@ -20,20 +20,20 @@
package org.apache.cxf.systest.soap;
import javax.jws.WebService;
-import javax.jws.soap.SOAPBinding;
-import org.apache.hello_world_soap_action.WrappedGreeter;
+import org.apache.hello_world_soap_action.Greeter;
-@WebService(endpointInterface = "org.apache.hello_world_soap_action.WrappedGreeter",
- serviceName = "WrappedSOAPService")
-@SOAPBinding(style = SOAPBinding.Style.RPC)
-public class RPCLitSoapActionGreeterImpl implements WrappedGreeter {
+@WebService(endpointInterface = "org.apache.hello_world_soap_action.RPCGreeter",
+ serviceName = "SOAPRPCService")
+public class RPCLitSoapActionGreeterImpl implements Greeter {
- public String sayHiRequestWrapped(String in) {
+ @Override
+ public String sayHi(String in) {
return "sayHi";
}
- public String sayHiRequest2Wrapped(String in) {
+ @Override
+ public String sayHi2(String in) {
return "sayHi2";
}
diff --git a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
index 4746b6f..3ac0fe6 100644
--- a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
+++ b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
@@ -29,6 +29,7 @@ import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.hello_world_soap_action.Greeter;
+import org.apache.hello_world_soap_action.RPCGreeter;
import org.apache.hello_world_soap_action.WrappedGreeter;
import org.junit.AfterClass;
@@ -342,15 +343,16 @@ public class SoapActionTest {
}
@Test
+ @org.junit.Ignore // TODO
public void testRPCLitSoapActionSpoofing() throws Exception {
JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean();
- pf.setServiceClass(WrappedGreeter.class);
+ pf.setServiceClass(RPCGreeter.class);
pf.setAddress(add15);
pf.setBus(bus);
- WrappedGreeter greeter = (WrappedGreeter) pf.create();
+ RPCGreeter greeter = (RPCGreeter) pf.create();
- assertEquals("sayHi", greeter.sayHiRequestWrapped("test"));
- assertEquals("sayHi2", greeter.sayHiRequest2Wrapped("test"));
+ assertEquals("sayHi", greeter.sayHi("test"));
+ assertEquals("sayHi2", greeter.sayHi2("test"));
// Now test spoofing attack
((BindingProvider)greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
@@ -358,7 +360,7 @@ public class SoapActionTest {
BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2"
);
try {
- greeter.sayHiRequestWrapped("test");
+ greeter.sayHi("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
@@ -370,7 +372,7 @@ public class SoapActionTest {
BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_1"
);
try {
- greeter.sayHiRequest2Wrapped("test");
+ greeter.sayHi2("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
@@ -382,7 +384,7 @@ public class SoapActionTest {
BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_UNKNOWN"
);
try {
- greeter.sayHiRequestWrapped("test");
+ greeter.sayHi("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
diff --git a/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl b/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl
new file mode 100644
index 0000000..367c53d
--- /dev/null
+++ b/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<wsdl:definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xformat="http://cxf.apache.org/bindings/xformat" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:jms="http://cxf.apache.org/transports/jms" xmlns:tns="http://apache.org/hello_world_soap_action" xmlns:x1="http://apache.org/hello_world_soap_action/types" xmlns:x2="http://apache [...]
+ <wsdl:types>
+ <schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://apache.org/hello_world_soap_action/types" elementFormDefault="qualified">
+ <element name="text" type="xsd:string"/>
+ <element name="text2" type="xsd:string"/>
+ </schema>
+ <xsd:schema targetNamespace="http://apache.org/hello_world_soap_action/types/wrapped">
+ <xsd:element name="sayHiRequestWrapped">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="wrappedText" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sayHiResponseWrapped">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="wrappedTextResponse" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sayHiRequest2Wrapped">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="wrappedText" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sayHiResponse2Wrapped">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="wrappedTextResponse" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:schema>
+ </wsdl:types>
+ <wsdl:message name="sayHiRequest">
+ <wsdl:part name="in" element="x1:text"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiResponse">
+ <wsdl:part name="out" element="x1:text"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiRequest2">
+ <wsdl:part name="in" element="x1:text2"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiResponse2">
+ <wsdl:part name="out" element="x1:text"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiRequestWrapped">
+ <wsdl:part element="x2:sayHiRequestWrapped" name="parameters"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiResponseWrapped">
+ <wsdl:part element="x2:sayHiResponseWrapped" name="parameters"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiRequest2Wrapped">
+ <wsdl:part element="x2:sayHiRequest2Wrapped" name="parameters"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiResponse2Wrapped">
+ <wsdl:part element="x2:sayHiResponse2Wrapped" name="parameters"/>
+ </wsdl:message>
+ <wsdl:portType name="RPCGreeter">
+ <wsdl:operation name="sayHi">
+ <wsdl:input name="sayHiRequest" message="tns:sayHiRequest"/>
+ <wsdl:output name="sayHiResponse" message="tns:sayHiResponse"/>
+ </wsdl:operation>
+ <wsdl:operation name="sayHi2">
+ <wsdl:input name="sayHiRequest2" message="tns:sayHiRequest2"/>
+ <wsdl:output name="sayHiResponse2" message="tns:sayHiResponse2"/>
+ </wsdl:operation>
+ </wsdl:portType>
+ <wsdl:binding name="Greeter_SOAPBinding" type="tns:RPCGreeter">
+ <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="sayHi">
+ <soap:operation style="rpc" soapAction="SAY_HI_1"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="sayHi2">
+ <soap:operation style="rpc" soapAction="SAY_HI_2"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:service name="SOAPRPCService">
+ <wsdl:port name="SoapRPCPort" binding="tns:Greeter_SOAPBinding">
+ <soap:address location="http://localhost:9001/SOAPDocLitService/SoapRPCPort"/>
+ </wsdl:port>
+ </wsdl:service>
+</wsdl:definitions>