svn commit: r949155 - /webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java

Fri, 28 May 2010 05:04:41 -0700 

Author: coheigea
Date: Fri May 28 12:04:13 2010
New Revision: 949155

URL: http://svn.apache.org/viewvc?rev=949155&view=rev
Log:
[WSS-219] - Added tests for adding a UsernameToken with an empty (not null) 
password.
 - Forward merged to trunk.

Modified:
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java?rev=949155&r1=949154&r2=949155&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java Fri May 28 
12:04:13 2010
@@ -29,6 +29,8 @@ import org.apache.ws.security.WSPassword
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.WSSecUsernameToken;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.util.Base64;
@@ -332,6 +334,32 @@ public class TestWSSecurityNew5 extends 
     }
     
     /**
+     * Test that adds a UserNameToken with an empty password
+     */
+    public void testUsernameTokenEmptyPassword() throws Exception {
+        WSSecUsernameToken builder = new WSSecUsernameToken();
+        builder.setPasswordType(WSConstants.PASSWORD_TEXT);
+        builder.setUserInfo("wernerd", "");
+        LOG.info("Before adding UsernameToken with an empty password....");
+        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        Document signedDoc = builder.build(doc, secHeader);
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+        try {
+            verify(signedDoc);
+            throw new Exception("Failure expected on an password");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == 
WSSecurityException.FAILED_AUTHENTICATION);
+            // expected
+        }
+    }
+    
+    /**
      * Test with a null token type. This will fail as the default is to reject 
custom
      * token types.
      */
@@ -527,6 +555,60 @@ public class TestWSSecurityNew5 extends 
     }
     
     /**
+     * Test that adds a UserNameToken via WSHandler
+     */
+    public void testUsernameTokenWSHandler() throws Exception {
+        MyHandler handler = new MyHandler();
+        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+        
+        RequestData reqData = new RequestData();
+        java.util.Map config = new java.util.TreeMap();
+        config.put("password", "verySecret");
+        config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+        reqData.setUsername("wernerd");
+        reqData.setMsgContext(config);
+        
+        java.util.Vector actions = new java.util.Vector();
+        actions.add(new Integer(WSConstants.UT));
+        
+        handler.send(WSConstants.UT, doc, reqData, actions, true);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Username Token via WSHandler");
+            String outputString = 
+                
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+    }
+    
+    /**
+     * Test that adds a UserNameToken with an empty password via WSHandler
+     */
+    public void testUsernameTokenWSHandlerEmptyPassword() throws Exception {
+        MyHandler handler = new MyHandler();
+        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+        
+        RequestData reqData = new RequestData();
+        java.util.Map config = new java.util.TreeMap();
+        config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, this);
+        reqData.setUsername("emptyuser");
+        reqData.setMsgContext(config);
+        
+        java.util.Vector actions = new java.util.Vector();
+        actions.add(new Integer(WSConstants.UT));
+        
+        handler.send(WSConstants.UT, doc, reqData, actions, true);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Username Token with an empty password via WSHandler");
+            String outputString = 
+                
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+    }
+    
+    /**
      * Verifies the soap envelope
      * 
      * @param env soap envelope
@@ -546,7 +628,11 @@ public class TestWSSecurityNew5 extends 
                 if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
                     && "wernerd".equals(pc.getIdentifier())) {
                     pc.setPassword("verySecret");
-                } else if (
+                } else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
+                    && "emptyuser".equals(pc.getIdentifier())) {
+                    pc.setPassword("");
+                }  
+                else if (
                     pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN
                 ) {
                     if ("customUser".equals(pc.getIdentifier())) {



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org

Reply via email to