This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.3.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 387135f0d9c045f3d335d3afc46f71a88e80fe68 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Mon Mar 23 10:42:06 2020 +0000 Adding an @Ignored test for RPC-Literal issue (cherry picked from commit 794949ee3f5040cb4b9c14e64b48d6ea70aff150) --- .../systest/soap/RPCLitSoapActionGreeterImpl.java | 16 +-- .../apache/cxf/systest/soap/SoapActionTest.java | 16 +-- .../wsdl/hello_world_soap_action_rpc.wsdl | 117 +++++++++++++++++++++ 3 files changed, 134 insertions(+), 15 deletions(-) diff --git a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java index 04a79f8..28dfe55 100644 --- a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java +++ b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/RPCLitSoapActionGreeterImpl.java @@ -20,20 +20,20 @@ package org.apache.cxf.systest.soap; import javax.jws.WebService; -import javax.jws.soap.SOAPBinding; -import org.apache.hello_world_soap_action.WrappedGreeter; +import org.apache.hello_world_soap_action.Greeter; -@WebService(endpointInterface = "org.apache.hello_world_soap_action.WrappedGreeter", - serviceName = "WrappedSOAPService") -@SOAPBinding(style = SOAPBinding.Style.RPC) -public class RPCLitSoapActionGreeterImpl implements WrappedGreeter { +@WebService(endpointInterface = "org.apache.hello_world_soap_action.RPCGreeter", + serviceName = "SOAPRPCService") +public class RPCLitSoapActionGreeterImpl implements Greeter { - public String sayHiRequestWrapped(String in) { + @Override + public String sayHi(String in) { return "sayHi"; } - public String sayHiRequest2Wrapped(String in) { + @Override + public String sayHi2(String in) { return "sayHi2"; } diff --git a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java index 4746b6f..3ac0fe6 100644 --- a/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java +++ b/systests/uncategorized/src/test/java/org/apache/cxf/systest/soap/SoapActionTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.jaxws.JaxWsServerFactoryBean; import org.apache.cxf.testutil.common.TestUtil; import org.apache.hello_world_soap_action.Greeter; +import org.apache.hello_world_soap_action.RPCGreeter; import org.apache.hello_world_soap_action.WrappedGreeter; import org.junit.AfterClass; @@ -342,15 +343,16 @@ public class SoapActionTest { } @Test + @org.junit.Ignore // TODO public void testRPCLitSoapActionSpoofing() throws Exception { JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean(); - pf.setServiceClass(WrappedGreeter.class); + pf.setServiceClass(RPCGreeter.class); pf.setAddress(add15); pf.setBus(bus); - WrappedGreeter greeter = (WrappedGreeter) pf.create(); + RPCGreeter greeter = (RPCGreeter) pf.create(); - assertEquals("sayHi", greeter.sayHiRequestWrapped("test")); - assertEquals("sayHi2", greeter.sayHiRequest2Wrapped("test")); + assertEquals("sayHi", greeter.sayHi("test")); + assertEquals("sayHi2", greeter.sayHi2("test")); // Now test spoofing attack ((BindingProvider)greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true"); @@ -358,7 +360,7 @@ public class SoapActionTest { BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2" ); try { - greeter.sayHiRequestWrapped("test"); + greeter.sayHi("test"); fail("Failure expected on spoofing attack"); } catch (Exception ex) { // expected @@ -370,7 +372,7 @@ public class SoapActionTest { BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_1" ); try { - greeter.sayHiRequest2Wrapped("test"); + greeter.sayHi2("test"); fail("Failure expected on spoofing attack"); } catch (Exception ex) { // expected @@ -382,7 +384,7 @@ public class SoapActionTest { BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_UNKNOWN" ); try { - greeter.sayHiRequestWrapped("test"); + greeter.sayHi("test"); fail("Failure expected on spoofing attack"); } catch (Exception ex) { // expected diff --git a/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl b/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl new file mode 100644 index 0000000..367c53d --- /dev/null +++ b/testutils/src/main/resources/wsdl/hello_world_soap_action_rpc.wsdl @@ -0,0 +1,117 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<wsdl:definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xformat="http://cxf.apache.org/bindings/xformat" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:jms="http://cxf.apache.org/transports/jms" xmlns:tns="http://apache.org/hello_world_soap_action" xmlns:x1="http://apache.org/hello_world_soap_action/types" xmlns:x2="http://apache [...] + <wsdl:types> + <schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://apache.org/hello_world_soap_action/types" elementFormDefault="qualified"> + <element name="text" type="xsd:string"/> + <element name="text2" type="xsd:string"/> + </schema> + <xsd:schema targetNamespace="http://apache.org/hello_world_soap_action/types/wrapped"> + <xsd:element name="sayHiRequestWrapped"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="wrappedText" type="xsd:string"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="sayHiResponseWrapped"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="wrappedTextResponse" type="xsd:string"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="sayHiRequest2Wrapped"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="wrappedText" type="xsd:string"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="sayHiResponse2Wrapped"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="wrappedTextResponse" type="xsd:string"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + </xsd:schema> + </wsdl:types> + <wsdl:message name="sayHiRequest"> + <wsdl:part name="in" element="x1:text"/> + </wsdl:message> + <wsdl:message name="sayHiResponse"> + <wsdl:part name="out" element="x1:text"/> + </wsdl:message> + <wsdl:message name="sayHiRequest2"> + <wsdl:part name="in" element="x1:text2"/> + </wsdl:message> + <wsdl:message name="sayHiResponse2"> + <wsdl:part name="out" element="x1:text"/> + </wsdl:message> + <wsdl:message name="sayHiRequestWrapped"> + <wsdl:part element="x2:sayHiRequestWrapped" name="parameters"/> + </wsdl:message> + <wsdl:message name="sayHiResponseWrapped"> + <wsdl:part element="x2:sayHiResponseWrapped" name="parameters"/> + </wsdl:message> + <wsdl:message name="sayHiRequest2Wrapped"> + <wsdl:part element="x2:sayHiRequest2Wrapped" name="parameters"/> + </wsdl:message> + <wsdl:message name="sayHiResponse2Wrapped"> + <wsdl:part element="x2:sayHiResponse2Wrapped" name="parameters"/> + </wsdl:message> + <wsdl:portType name="RPCGreeter"> + <wsdl:operation name="sayHi"> + <wsdl:input name="sayHiRequest" message="tns:sayHiRequest"/> + <wsdl:output name="sayHiResponse" message="tns:sayHiResponse"/> + </wsdl:operation> + <wsdl:operation name="sayHi2"> + <wsdl:input name="sayHiRequest2" message="tns:sayHiRequest2"/> + <wsdl:output name="sayHiResponse2" message="tns:sayHiResponse2"/> + </wsdl:operation> + </wsdl:portType> + <wsdl:binding name="Greeter_SOAPBinding" type="tns:RPCGreeter"> + <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="sayHi"> + <soap:operation style="rpc" soapAction="SAY_HI_1"/> + <wsdl:input> + <soap:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + </wsdl:output> + </wsdl:operation> + <wsdl:operation name="sayHi2"> + <soap:operation style="rpc" soapAction="SAY_HI_2"/> + <wsdl:input> + <soap:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + </wsdl:output> + </wsdl:operation> + </wsdl:binding> + <wsdl:service name="SOAPRPCService"> + <wsdl:port name="SoapRPCPort" binding="tns:Greeter_SOAPBinding"> + <soap:address location="http://localhost:9001/SOAPDocLitService/SoapRPCPort"/> + </wsdl:port> + </wsdl:service> +</wsdl:definitions>