Author: dkulp Date: Thu Dec 10 21:32:31 2009 New Revision: 889429 URL: http://svn.apache.org/viewvc?rev=889429&view=rev Log: Merged revisions 889428 via svnmerge from https://svn.apache.org/repos/asf/cxf/branches/2.2.x-fixes
................ r889428 | dkulp | 2009-12-10 16:26:48 -0500 (Thu, 10 Dec 2009) | 10 lines Merged revisions 889426 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r889426 | dkulp | 2009-12-10 16:24:32 -0500 (Thu, 10 Dec 2009) | 2 lines [CXF-2150] If service is configured for Digest, make sure a digest is sent in. For WS-SecPol, make sure what came in matches the policy. ........ ................ Modified: cxf/branches/2.1.x-fixes/ (props changed) cxf/branches/2.1.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/server.xml cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/test-data/UsernameTokenRequest.xml Propchange: cxf/branches/2.1.x-fixes/ ------------------------------------------------------------------------------ --- svn:mergeinfo (added) +++ svn:mergeinfo Thu Dec 10 21:32:31 2009 
@@ -0,0 +1,2 @@ +/cxf/branches/2.2.x-fixes:889428 +/cxf/trunk:889426 Propchange: cxf/branches/2.1.x-fixes/ ------------------------------------------------------------------------------ Binary property 'svnmerge-integrated' - no diff available. Modified: cxf/branches/2.1.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=889429&r1=889428&r2=889429&view=diff ============================================================================== --- cxf/branches/2.1.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original) +++ cxf/branches/2.1.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Dec 10 21:32:31 2009 @@ -51,6 +51,7 @@ import org.apache.ws.security.WSSecurityEngine; import org.apache.ws.security.WSSecurityEngineResult; import org.apache.ws.security.WSSecurityException; +import org.apache.ws.security.WSUsernameTokenPrincipal; import org.apache.ws.security.handler.RequestData; import org.apache.ws.security.handler.WSHandlerConstants; import org.apache.ws.security.handler.WSHandlerResult; @@ -299,7 +300,7 @@ } private void doResults(SoapMessage msg, String actor, SOAPMessage doc, Vector wsResult) - throws SOAPException, XMLStreamException { + throws SOAPException, XMLStreamException, WSSecurityException { /* * All ok up to this point. Now construct and setup the security result * structure. The service may fetch this and check it. 
@@ -324,6 +325,21 @@ i++; } msg.setContent(XMLStreamReader.class, reader); + String pwType = (String)getProperty(msg, "passwordType"); + if ("PasswordDigest".equals(pwType)) { + //CXF-2150 - we need to check the UsernameTokens + for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class)) { + Integer actInt = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION); + if (actInt == WSConstants.UT) { + WSUsernameTokenPrincipal princ + = (WSUsernameTokenPrincipal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL); + if (!princ.isPasswordDigest()) { + LOG.warning("Non-digest UsernameToken found, but digest required"); + throw new WSSecurityException(WSSecurityException.INVALID_SECURITY); + } + } + } + } for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class)) { final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL); Modified: cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java?rev=889429&r1=889428&r2=889429&view=diff ============================================================================== --- cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java (original) +++ cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java Thu Dec 10 21:32:31 2009 @@ -20,7 +20,9 @@ package org.apache.cxf.systest.ws.security; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.xml.namespace.QName; import javax.xml.transform.OutputKeys; 
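Review bot: The new digest check in doResults dereferences two values from the result map without guarding them: `actInt == WSConstants.UT` unboxes `actInt`, and `princ.isPasswordDigest()` assumes a UT result always carries a principal, so a missing entry would surface as a NullPointerException rather than the intended security fault. I would make both fail closed, `if (actInt != null && actInt.intValue() == WSConstants.UT)` and `if (princ == null || !princ.isPasswordDigest())`. The literals `"passwordType"` and `"PasswordDigest"` could use `WSHandlerConstants.PASSWORD_TYPE` and `WSConstants.PW_DIGEST` so the check cannot drift from the WSS4J configuration keys. Adding the token's user name (never the password) to the warning would make rejected plaintext attempts easier to triage in logs. doResults begins and ends outside this hunk, so how a caller maps the new WSSecurityException to a fault is not visible here.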
@@ -39,7 +41,10 @@ import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; import org.apache.hello_world_soap_http.Greeter; import org.junit.BeforeClass; import org.junit.Test; @@ -89,6 +94,41 @@ launchServer(Server.class, true) ); } + + @Test + public void testUsernameToken() { + final javax.xml.ws.Service svc + = javax.xml.ws.Service.create(WSDL_LOC, GREETER_SERVICE_QNAME); + final Greeter greeter = svc.getPort(USERNAME_TOKEN_PORT_QNAME, Greeter.class); + + Client client = ClientProxy.getClient(greeter); + Map<String, Object> props = new HashMap<String, Object>(); + props.put("action", "UsernameToken"); + props.put("user", "alice"); + WSS4JOutInterceptor wss4jOut = new WSS4JOutInterceptor(props); + + client.getOutInterceptors().add(wss4jOut); + + ((BindingProvider)greeter).getRequestContext().put("password", "password"); + String s = greeter.greetMe("CXF"); + assertEquals("Hello CXF", s); + + try { + ((BindingProvider)greeter).getRequestContext().put("password", "foo"); + greeter.greetMe("CXF"); + fail("should fail"); + } catch (Exception ex) { + //expected + } + try { + props.put("passwordType", "PasswordText"); + ((BindingProvider)greeter).getRequestContext().put("password", "password"); + greeter.greetMe("CXF"); + fail("should fail"); + } catch (Exception ex) { + //expected + } + } @Test public void testTimestampSignEncrypt() { 
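Review bot: Both negative cases in testUsernameToken end in `catch (Exception ex)`, so any failure (an unreachable endpoint, a marshalling error) counts as a pass and the test does not prove the request was rejected by the password or digest check. Catching the specific fault, e.g. `} catch (javax.xml.ws.soap.SOAPFaultException ex) {`, and asserting on it would pin the rejection to the security layer; which fault type the server actually returns is not visible in this hunk. The third case also mutates `props` after `new WSS4JOutInterceptor(props)`, which only changes the outgoing token if the interceptor keeps a reference to the same map, so a short comment stating that assumption would help. The positive case relies on the client's default password type being a digest; setting `props.put("passwordType", "PasswordDigest")` explicitly would document that.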
@@ -172,11 +212,6 @@ } private static Dispatch<Source> createUsernameTokenDispatcher() { - // - // Set up the client (stolen from JAX-RS system test) - // - // TODO This could really be done more simply with an HTTPURLConnection - // final Service service = Service.create( GREETER_SERVICE_QNAME ); Modified: cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/server.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/server.xml?rev=889429&r1=889428&r2=889429&view=diff ============================================================================== --- cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/server.xml (original) +++ cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/server.xml Thu Dec 10 21:32:31 2009 @@ -67,7 +67,7 @@ <constructor-arg> <map> <entry key="action" value="UsernameToken"/> - <!-- <entry key="passwordType" value="PasswordDigest"/> --> + <entry key="passwordType" value="PasswordDigest"/> <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.security.KeystorePasswordCallback"/> </map> </constructor-arg> Modified: cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/test-data/UsernameTokenRequest.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/test-data/UsernameTokenRequest.xml?rev=889429&r1=889428&r2=889429&view=diff ============================================================================== --- cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/test-data/UsernameTokenRequest.xml (original) +++ cxf/branches/2.1.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/security/test-data/UsernameTokenRequest.xml Thu Dec 10 21:32:31 2009 
@@ -3,10 +3,10 @@ <wss:Security xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wss:UsernameToken> <wss:Username>alice</wss:Username> - <wss:Password - Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" - >password</wss:Password> - </wss:UsernameToken> + <wss:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">FPqPsaAp7hWASdknPsbfZxIoDVI=</wss:Password> + <wss:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OJBNzEGDmTiD/lbeA+UDeg==</wss:Nonce> + <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-12-10T21:12:59.100Z</wsu:Created> + </wss:UsernameToken> </wss:Security> </soap:Header> <soap:Body>
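Review bot: The fixture now hard-codes a PasswordDigest together with a fixed `Nonce` and a `Created` value of 2009-12-10, so the same token is replayed on every test run. If the test keeps passing as that timestamp ages, it suggests the test endpoint does not enforce `Created` freshness or reject reused nonces, which is worth confirming is intended for this configuration. I would add an XML comment next to the token, `<!-- static digest for user alice; will fail once timestamp freshness or nonce caching is enforced -->`, or generate the token at test time.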
