svn commit: r1865467 - in /webservices/wss4j/trunk/ws-security-stax/src: main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java

[coheigea]

Author: coheigea
Date: Mon Aug 19 15:31:09 2019
New Revision: 1865467

URL: http://svn.apache.org/viewvc?rev=1865467&view=rev
Log:
Better diagnostics ws-security-stax on empty password

Implements #WSS-653

Modified:
    
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
    
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1865467&r1=1865466&r2=1865467&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
 Mon Aug 19 15:31:09 2019
@@ -77,7 +77,8 @@ public class UsernameTokenOutputProcesso
             }
 
             if (password == null && 
WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE != 
usernameTokenPasswordType) {
-                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
+                final Object[] args = { ((WSSSecurityProperties) 
getSecurityProperties()).getTokenUser() };
+                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noPassword", args);
             }
 
             final String wsuId = IDGenerator.generateID(null);

Modified: 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java?rev=1865467&r1=1865466&r2=1865467&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
 Mon Aug 19 15:31:09 2019
@@ -59,6 +59,8 @@ import org.apache.xml.security.stax.secu
 import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
 import org.apache.xml.security.utils.XMLUtils;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -525,6 +527,38 @@ public class UsernameTokenTest extends A
         }
     }
 
+    @ParameterizedTest
+    @ValueSource(strings = { "transmitter", "sender", "randomUsername" })
+    public void testOutboundPW_TEXT_withEmptyPassword(String transmitter) 
throws Exception {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+        {
+            WSSSecurityProperties securityProperties = new 
WSSSecurityProperties();
+            List<WSSConstants.Action> actions = new ArrayList<>();
+            actions.add(WSSConstants.USERNAMETOKEN);
+            securityProperties.setActions(actions);
+            securityProperties.setTokenUser(transmitter);
+            
securityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
+            securityProperties.setCallbackHandler(x -> {});
+
+            try {
+                OutboundWSSec wsSecOut = 
WSSec.getOutboundWSSec(securityProperties);
+                XMLStreamWriter xmlStreamWriter = 
wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new 
ArrayList<SecurityEvent>());
+                XMLStreamReader xmlStreamReader = 
xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+                XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+                xmlStreamWriter.close();
+                fail("Expecting an XMLStreamException");
+            } catch (XMLStreamException e) {
+                assertNotNull(e.getCause());
+                
assertTrue(WSSecurityException.class.isAssignableFrom(e.getCause().getClass()), 
"Cause should be a WSSecurityException");
+                WSSecurityException root = (WSSecurityException)e.getCause();
+                assertEquals(root.getErrorCode(), 
WSSecurityException.ErrorCode.FAILURE);
+                assertEquals("noPassword", root.getMsgID());
+                assertTrue(root.getMessage().contains(transmitter), () -> 
"Message string: <" + root.getMessage() + "> to include <" + transmitter + '>');
+            }
+        }
+    }
+
     @Test
     public void testOutboundSign() throws Exception {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();