svn commit: r1865470 - in /webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src: main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java

Mon, 19 Aug 2019 08:40:17 -0700 

Author: coheigea
Date: Mon Aug 19 15:39:47 2019
New Revision: 1865470

URL: http://svn.apache.org/viewvc?rev=1865470&view=rev
Log:
Better diagnostics ws-security-stax on empty password

Implements #WSS-653

Modified:
    
webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
    
webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java

Modified: 
webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1865470&r1=1865469&r2=1865470&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
 (original)
+++ 
webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
 Mon Aug 19 15:39:47 2019
@@ -77,7 +77,8 @@ public class UsernameTokenOutputProcesso
             }
 
             if (password == null && 
WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE != 
usernameTokenPasswordType) {
-                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
+                final Object[] args = {((WSSSecurityProperties) 
getSecurityProperties()).getTokenUser() };
+                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noPassword", args);
             }
 
             final String wsuId = IDGenerator.generateID(null);

Modified: 
webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java?rev=1865470&r1=1865469&r2=1865470&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
 (original)
+++ 
webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
 Mon Aug 19 15:39:47 2019
@@ -521,6 +521,38 @@ public class UsernameTokenTest extends A
     }
 
     @Test
+    public void testOutboundPW_TEXT_withEmptyPassword() throws Exception {
+        String transmitter = "sender";
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+        {
+            WSSSecurityProperties securityProperties = new 
WSSSecurityProperties();
+            List<WSSConstants.Action> actions = new ArrayList<>();
+            actions.add(WSSConstants.USERNAMETOKEN);
+            securityProperties.setActions(actions);
+            securityProperties.setTokenUser(transmitter);
+            
securityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
+            securityProperties.setCallbackHandler(x -> {});
+
+            try {
+                OutboundWSSec wsSecOut = 
WSSec.getOutboundWSSec(securityProperties);
+                XMLStreamWriter xmlStreamWriter = 
wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(), new 
ArrayList<SecurityEvent>());
+                XMLStreamReader xmlStreamReader = 
xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+                XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+                xmlStreamWriter.close();
+                fail("Expecting an XMLStreamException");
+            } catch (XMLStreamException e) {
+                assertNotNull(e.getCause());
+                
assertTrue(WSSecurityException.class.isAssignableFrom(e.getCause().getClass()));
+                WSSecurityException root = (WSSecurityException)e.getCause();
+                assertEquals(root.getErrorCode(), 
WSSecurityException.ErrorCode.FAILURE);
+                assertEquals("noPassword", root.getMsgID());
+                assertTrue(root.getMessage().contains(transmitter));
+            }
+        }
+    }
+
+    @Test
     public void testOutboundSign() throws Exception {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();

Reply via email to