You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/03/29 11:11:52 UTC
[3/3] cxf git commit: Add another test to check that an exception is
thrown if a service response is not signed
Add another test to check that an exception is thrown if a service response is not signed
# Conflicts:
# systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e2cdb270
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e2cdb270
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e2cdb270
Branch: refs/heads/3.0.x-fixes
Commit: e2cdb2700b71d149c8979afb7bd175c3a0d51791
Parents: c806cc3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Mar 29 11:51:53 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Mar 29 12:09:53 2017 +0100
----------------------------------------------------------------------
.../jaxrs/security/xml/JAXRSXmlSecTest.java | 96 ++++++++++++++++++++
.../cxf/systest/jaxrs/security/xml/server.xml | 13 +++
2 files changed, 109 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e2cdb270/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 747d12f..11ce888 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -360,6 +360,102 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
}
@Test
+<<<<<<< HEAD
+=======
+ public void testUnsignedServerResponse() throws Exception {
+ if (STAX_PORT.equals(test.port)) {
+ // We are only testing the client here
+ return;
+ }
+ String address = "https://localhost:" + test.port + "/xmlnosigresponse/bookstore/books";
+
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ bean.setAddress(address);
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put(SecurityConstants.CALLBACK_HANDLER,
+ "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put(SecurityConstants.SIGNATURE_USERNAME, "alice");
+ properties.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ "org/apache/cxf/systest/jaxrs/security/alice.properties");
+ bean.setProperties(properties);
+ if (test.streaming) {
+ XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
+ sigOutInterceptor.setSignRequest(true);
+ bean.getOutInterceptors().add(sigOutInterceptor);
+
+ XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
+ sigInInterceptor.setRequireSignature(true);
+ bean.setProvider(sigInInterceptor);
+ } else {
+ XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
+ bean.getOutInterceptors().add(sigOutInterceptor);
+
+ XmlSigInInterceptor sigInInterceptor = new XmlSigInInterceptor();
+ bean.getInInterceptors().add(sigInInterceptor);
+ }
+
+ WebClient wc = bean.createWebClient();
+ WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
+ try {
+ wc.post(new Book("CXF", 126L), Book.class);
+ fail("Failure expected on an unsigned response message");
+ } catch (ProcessingException ex) {
+ assertTrue(ex.getCause() instanceof BadRequestException);
+ }
+ }
+
+ @Test
+ public void testPostBookWithEnvelopedSigKeyName() throws Exception {
+ // This test only applies to StAX - see CXF-7084
+ if (!test.streaming || !STAX_PORT.equals(test.port)) {
+ return;
+ }
+ String address = "https://localhost:" + test.port + "/xmlsigkeyname/bookstore/books";
+
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ bean.setAddress(address);
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put(SecurityConstants.CALLBACK_HANDLER,
+ "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put(SecurityConstants.SIGNATURE_USERNAME, "alice");
+ properties.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ "org/apache/cxf/systest/jaxrs/security/alice.properties");
+ bean.setProperties(properties);
+ XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
+ sigOutInterceptor.setSignRequest(true);
+ sigOutInterceptor.setKeyInfoMustBeAvailable(true);
+
+ SignatureProperties sigProps = new SignatureProperties();
+ sigProps.setSignatureKeyName("alice-kn");
+ sigProps.setSignatureKeyIdType("KeyName");
+ sigOutInterceptor.setSignatureProperties(sigProps);
+
+ bean.getOutInterceptors().add(sigOutInterceptor);
+
+ XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
+ sigInInterceptor.setRequireSignature(true);
+ bean.setProvider(sigInInterceptor);
+
+ WebClient wc = bean.createWebClient();
+ WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
+ Book book = wc.post(new Book("CXF", 126L), Book.class);
+ assertEquals(126L, book.getId());
+ }
+
+ @Test
+>>>>>>> 533daf2... Add another test to check that an exception is thrown if a service response is not signed
public void testPostEncryptedBook() throws Exception {
String address = "https://localhost:" + test.port + "/xmlenc/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
http://git-wip-us.apache.org/repos/asf/cxf/blob/e2cdb270/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
index 0a7a60f..f04497f 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
@@ -128,6 +128,19 @@ under the License.
</jaxrs:properties>
</jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlnosigresponse">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsigconstraints">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>