You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2020/03/24 09:32:16 UTC
[cxf] branch 3.2.x-fixes updated (c4ff02a -> 5bb11d9)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from c4ff02a Recording .gitmergeinfo Changes
new 1b85e85 Adding an @Ignored test for RPC-Literal issue
new 46dd5ad Bridge/synthetic methods may not have the parameter annotations, search for the actual method to use
new 07557c0 Prevent SOAPAction spoofing for RPC/Lit services
new bb07453 Fixing checkstyle
new 5bb11d9 Recording .gitmergeinfo Changes
The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitmergeinfo | 1 +
.../binding/soap/interceptor/Messages.properties | 1 +
.../binding/soap/interceptor/RPCInInterceptor.java | 5 +
.../apache/cxf/jaxrs/utils/AnnotationUtils.java | 25 +++--
.../cxf/systest/jms/action/JMSSoapActionTest.java | 16 ++--
.../systest/soap/RPCLitSoapActionGreeterImpl.java | 16 ++--
.../apache/cxf/systest/soap/SoapActionTest.java | 15 +--
...ction.wsdl => hello_world_soap_action_rpc.wsdl} | 104 ++-------------------
8 files changed, 56 insertions(+), 127 deletions(-)
copy testutils/src/main/resources/wsdl/{hello_world_soap_action.wsdl => hello_world_soap_action_rpc.wsdl} (55%)
[cxf] 02/05: Bridge/synthetic methods may not have the parameter
annotations, search for the actual method to use
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 46dd5ada87c27766596de6a96111d3cacc600252
Author: Daniel Kulp <dk...@apache.org>
AuthorDate: Mon Mar 23 15:01:09 2020 -0400
Bridge/synthetic methods may not have the parameter annotations, search for the actual method to use
(cherry picked from commit 2e436324dcda546e6c2d11a878bea84bcfc62de1)
(cherry picked from commit 959d319e90a10ebd0817b5683a49fdffb298bd06)
---
.../apache/cxf/jaxrs/utils/AnnotationUtils.java | 25 +++++++++++++---------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/AnnotationUtils.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/AnnotationUtils.java
index c3c9b59..8fce143 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/AnnotationUtils.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/AnnotationUtils.java
@@ -159,19 +159,24 @@ public final class AnnotationUtils {
private static Method doGetAnnotatedMethod(Class<?> serviceClass, Method m) {
if (m != null) {
- for (Annotation a : m.getAnnotations()) {
- if (AnnotationUtils.isMethodAnnotation(a)) {
- return m;
+ if (!m.isBridge() && !m.isSynthetic()) {
+ //the bridge/synthetic methods may not have the parameter annotations
+ //thus we will need to search the super classes/interfaces to make
+ //sure we get the proper method that would also have the parameters annotated
+ //properly
+ for (Annotation a : m.getAnnotations()) {
+ if (AnnotationUtils.isMethodAnnotation(a)) {
+ return m;
+ }
}
- }
- for (Annotation[] paramAnnotations : m.getParameterAnnotations()) {
- if (isValidParamAnnotations(paramAnnotations)) {
- LOG.warning("Method " + m.getName() + " in " + m.getDeclaringClass().getName()
- + " has no JAX-RS Path or HTTP Method annotations");
- return m;
+ for (Annotation[] paramAnnotations : m.getParameterAnnotations()) {
+ if (isValidParamAnnotations(paramAnnotations)) {
+ LOG.warning("Method " + m.getName() + " in " + m.getDeclaringClass().getName()
+ + " has no JAX-RS Path or HTTP Method annotations");
+ return m;
+ }
}
}
-
Class<?> declaringClass = m.getDeclaringClass();
Class<?> superC = declaringClass.getSuperclass();
if (superC != null && Object.class != superC) {
[cxf] 01/05: Adding an @Ignored test for RPC-Literal issue
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 1b85e8534d243b2e32b48dd9d3c590ceff92bd3a
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Mar 23 10:42:06 2020 +0000
Adding an @Ignored test for RPC-Literal issue
(cherry picked from commit 794949ee3f5040cb4b9c14e64b48d6ea70aff150)
(cherry picked from commit 387135f0d9c045f3d335d3afc46f71a88e80fe68)
---
.../systest/soap/RPCLitSoapActionGreeterImpl.java | 16 +--
.../apache/cxf/systest/soap/SoapActionTest.java | 16 +--
.../wsdl/hello_world_soap_action_rpc.wsdl | 117 +++++++++++++++++++++
3 files changed, 134 insertions(+), 15 deletions(-)
diff --git a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java
index 04a79f8..28dfe55 100644
--- a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java
+++ b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java
@@ -20,20 +20,20 @@
package org.apache.cxf.systest.soap;
import javax.jws.WebService;
-import javax.jws.soap.SOAPBinding;
-import org.apache.hello_world_soap_action.WrappedGreeter;
+import org.apache.hello_world_soap_action.Greeter;
-@WebService(endpointInterface = "org.apache.hello_world_soap_action.WrappedGreeter",
- serviceName = "WrappedSOAPService")
-@SOAPBinding(style = SOAPBinding.Style.RPC)
-public class RPCLitSoapActionGreeterImpl implements WrappedGreeter {
+@WebService(endpointInterface = "org.apache.hello_world_soap_action.RPCGreeter",
+ serviceName = "SOAPRPCService")
+public class RPCLitSoapActionGreeterImpl implements Greeter {
- public String sayHiRequestWrapped(String in) {
+ @Override
+ public String sayHi(String in) {
return "sayHi";
}
- public String sayHiRequest2Wrapped(String in) {
+ @Override
+ public String sayHi2(String in) {
return "sayHi2";
}
diff --git a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
index 90d7ca4..768556b 100644
--- a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
+++ b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
@@ -29,6 +29,7 @@ import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.hello_world_soap_action.Greeter;
+import org.apache.hello_world_soap_action.RPCGreeter;
import org.apache.hello_world_soap_action.WrappedGreeter;
import org.junit.AfterClass;
@@ -340,15 +341,16 @@ public class SoapActionTest extends Assert {
}
@Test
+ @org.junit.Ignore // TODO
public void testRPCLitSoapActionSpoofing() throws Exception {
JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean();
- pf.setServiceClass(WrappedGreeter.class);
+ pf.setServiceClass(RPCGreeter.class);
pf.setAddress(add15);
pf.setBus(bus);
- WrappedGreeter greeter = (WrappedGreeter) pf.create();
+ RPCGreeter greeter = (RPCGreeter) pf.create();
- assertEquals("sayHi", greeter.sayHiRequestWrapped("test"));
- assertEquals("sayHi2", greeter.sayHiRequest2Wrapped("test"));
+ assertEquals("sayHi", greeter.sayHi("test"));
+ assertEquals("sayHi2", greeter.sayHi2("test"));
// Now test spoofing attack
((BindingProvider)greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
@@ -356,7 +358,7 @@ public class SoapActionTest extends Assert {
BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2"
);
try {
- greeter.sayHiRequestWrapped("test");
+ greeter.sayHi("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
@@ -368,7 +370,7 @@ public class SoapActionTest extends Assert {
BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_1"
);
try {
- greeter.sayHiRequest2Wrapped("test");
+ greeter.sayHi2("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
@@ -380,7 +382,7 @@ public class SoapActionTest extends Assert {
BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_UNKNOWN"
);
try {
- greeter.sayHiRequestWrapped("test");
+ greeter.sayHi("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
diff --git a/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl b/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl
new file mode 100644
index 0000000..367c53d
--- /dev/null
+++ b/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<wsdl:definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xformat="http://cxf.apache.org/bindings/xformat" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:jms="http://cxf.apache.org/transports/jms" xmlns:tns="http://apache.org/hello_world_soap_action" xmlns:x1="http://apache.org/hello_world_soap_action/types" xmlns:x2="http://apache [...]
+ <wsdl:types>
+ <schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://apache.org/hello_world_soap_action/types" elementFormDefault="qualified">
+ <element name="text" type="xsd:string"/>
+ <element name="text2" type="xsd:string"/>
+ </schema>
+ <xsd:schema targetNamespace="http://apache.org/hello_world_soap_action/types/wrapped">
+ <xsd:element name="sayHiRequestWrapped">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="wrappedText" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sayHiResponseWrapped">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="wrappedTextResponse" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sayHiRequest2Wrapped">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="wrappedText" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sayHiResponse2Wrapped">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="wrappedTextResponse" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:schema>
+ </wsdl:types>
+ <wsdl:message name="sayHiRequest">
+ <wsdl:part name="in" element="x1:text"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiResponse">
+ <wsdl:part name="out" element="x1:text"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiRequest2">
+ <wsdl:part name="in" element="x1:text2"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiResponse2">
+ <wsdl:part name="out" element="x1:text"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiRequestWrapped">
+ <wsdl:part element="x2:sayHiRequestWrapped" name="parameters"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiResponseWrapped">
+ <wsdl:part element="x2:sayHiResponseWrapped" name="parameters"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiRequest2Wrapped">
+ <wsdl:part element="x2:sayHiRequest2Wrapped" name="parameters"/>
+ </wsdl:message>
+ <wsdl:message name="sayHiResponse2Wrapped">
+ <wsdl:part element="x2:sayHiResponse2Wrapped" name="parameters"/>
+ </wsdl:message>
+ <wsdl:portType name="RPCGreeter">
+ <wsdl:operation name="sayHi">
+ <wsdl:input name="sayHiRequest" message="tns:sayHiRequest"/>
+ <wsdl:output name="sayHiResponse" message="tns:sayHiResponse"/>
+ </wsdl:operation>
+ <wsdl:operation name="sayHi2">
+ <wsdl:input name="sayHiRequest2" message="tns:sayHiRequest2"/>
+ <wsdl:output name="sayHiResponse2" message="tns:sayHiResponse2"/>
+ </wsdl:operation>
+ </wsdl:portType>
+ <wsdl:binding name="Greeter_SOAPBinding" type="tns:RPCGreeter">
+ <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="sayHi">
+ <soap:operation style="rpc" soapAction="SAY_HI_1"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="sayHi2">
+ <soap:operation style="rpc" soapAction="SAY_HI_2"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:service name="SOAPRPCService">
+ <wsdl:port name="SoapRPCPort" binding="tns:Greeter_SOAPBinding">
+ <soap:address location="http://localhost:9001/SOAPDocLitService/SoapRPCPort"/>
+ </wsdl:port>
+ </wsdl:service>
+</wsdl:definitions>
[cxf] 05/05: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 5bb11d98a67d1373b365550ffed375a4a1cebe4f
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Mar 24 08:27:04 2020 +0000
Recording .gitmergeinfo Changes
---
.gitmergeinfo | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 0061248..11ea404 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -75,6 +75,7 @@ B 17301faea32d8375a0dc4be6729b8121469e60c7
B 177ba3183df5c9bd55b6e91eb5823bc75e8a45ef
B 179bd2fb3c6e84ace75859cc6569b56d2aa3a9f1
B 179cb7a84b82e297a4d43af9d7454340542ed7d7
+B 17c67867e89f3dadfe6d8433c1ea90d9d4dcf3d4
B 180750ab68aeeae60731dbdfb943eca8608fe94a
B 181bfdbc85ff13ff31412915e1bb32f0c97c853d
B 187e7cb871d6c1821ca43039ebd4eaa53c26022a
[cxf] 04/05: Fixing checkstyle
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit bb07453db95af8bad73c3de4116c7ad5a36d0b2b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Mar 24 07:44:46 2020 +0000
Fixing checkstyle
(cherry picked from commit 19c00248f26f2861dfc8c198f54b98cbf1a708fe)
(cherry picked from commit 4f3929d8b1d61d903fe2c4eb36682b7616365e39)
---
.../test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java
index c3ba953..b529553 100644
--- a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java
@@ -117,7 +117,6 @@ public class JMSSoapActionTest extends AbstractBusClientServerTestBase {
URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
HelloWorldService service = new HelloWorldService(wsdl, serviceName);
- String response = new String("Bonjour2");
HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
ClientProxy.getClient(greeter).getOutInterceptors().add(new LoggingOutInterceptor());
[cxf] 03/05: Prevent SOAPAction spoofing for RPC/Lit services
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 07557c03271fd977729a5f8c4a3929db96742431
Author: Daniel Kulp <dk...@apache.org>
AuthorDate: Mon Mar 23 15:01:51 2020 -0400
Prevent SOAPAction spoofing for RPC/Lit services
(cherry picked from commit b563f7b59db5a749537d1149ff48cdbc021f54f8)
(cherry picked from commit 3e285c217b21174c8f9f37a0755d32345e134fb0)
---
.../cxf/binding/soap/interceptor/Messages.properties | 1 +
.../cxf/binding/soap/interceptor/RPCInInterceptor.java | 5 +++++
.../apache/cxf/systest/jms/action/JMSSoapActionTest.java | 15 ++++++++++-----
.../java/org/apache/cxf/systest/soap/SoapActionTest.java | 1 -
4 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties
index bf5622b..aea4a57 100644
--- a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties
+++ b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties
@@ -34,3 +34,4 @@ NO_NAMESPACE=No namespace on "{0}" element. You must send a SOAP message.
BP_2211_RPCLIT_CANNOT_BE_NULL=Cannot write part {0}. RPC/Literal parts cannot be null. (WS-I BP R2211)
UNKNOWN_RPC_LIT_PART=Found element {0} but could not find matching RPC/Literal part
SOAP_ACTION_MISMATCH=The given SOAPAction {0} does not match an operation.
+SOAP_ACTION_MISMATCH_OP=The given SOAPAction {0} does not match the received operation {1}.
\ No newline at end of file
diff --git a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/RPCInInterceptor.java b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/RPCInInterceptor.java
index 78a7f29..5f281c9 100644
--- a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/RPCInInterceptor.java
+++ b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/RPCInInterceptor.java
@@ -30,6 +30,7 @@ import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
+import org.apache.cxf.binding.soap.SoapBindingConstants;
import org.apache.cxf.binding.soap.wsdl.extensions.SoapBody;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.databinding.DataReader;
@@ -112,6 +113,10 @@ public class RPCInInterceptor extends AbstractInDatabindingInterceptor {
setMessage(message, operation);
} else {
operation = message.getExchange().getBindingOperationInfo();
+ if (!operation.getName().getLocalPart().equals(opName)) {
+ String sa = (String)message.get(SoapBindingConstants.SOAP_ACTION);
+ throw new Fault("SOAP_ACTION_MISMATCH_OP", LOG, null, sa, opName);
+ }
}
MessageInfo msg;
DataReader<XMLStreamReader> dr = getDataReader(message, XMLStreamReader.class);
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java
index 59c39da..c3ba953 100644
--- a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java
@@ -43,7 +43,7 @@ import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertSame;
-
+import static org.junit.Assert.fail;
/**
* Some tests for sending a SOAP Action with JMS
@@ -108,6 +108,8 @@ public class JMSSoapActionTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)greeter).close();
}
+
+
@Test
public void testSayHi2() throws Exception {
QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldServiceSoapAction");
@@ -126,10 +128,13 @@ public class JMSSoapActionTest extends AbstractBusClientServerTestBase {
BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2"
);
- String reply = greeter.sayHi();
- assertNotNull("no response received from service", reply);
- assertEquals(response, reply);
-
+ try {
+ greeter.sayHi();
+ fail("Failure expected on spoofing attack");
+ } catch (Exception ex) {
+ // expected
+ }
+
((java.io.Closeable)greeter).close();
}
diff --git a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
index 768556b..8676083 100644
--- a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
+++ b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java
@@ -341,7 +341,6 @@ public class SoapActionTest extends Assert {
}
@Test
- @org.junit.Ignore // TODO
public void testRPCLitSoapActionSpoofing() throws Exception {
JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean();
pf.setServiceClass(RPCGreeter.class);