Author: coheigea Date: Tue Jun 15 13:36:26 2010 New Revision: 954877 URL: http://svn.apache.org/viewvc?rev=954877&view=rev Log: [WSS-219] - Merged a fix for this issue + test.
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew5.java Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java?rev=954877&r1=954876&r2=954877&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/message/token/UsernameToken.java Tue Jun 15 13:36:26 2010 @@ -373,7 +373,12 @@ public class UsernameToken { * @return the password string or <code>null</code> if no such node exists. */ public String getPassword() { - return nodeString(elementPassword); + String password = nodeString(elementPassword); + // See WSS-219 + if (password == null && elementPassword != null) { + return ""; + } + return password; } /** @@ -529,7 +534,6 @@ public class UsernameToken { } } return null; - } /** Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew5.java URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew5.java?rev=954877&r1=954876&r2=954877&view=diff ============================================================================== --- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew5.java (original) +++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew5.java Tue Jun 15 13:36:26 2010 
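Review bot: In the `getPassword()` hunk of UsernameToken.java (@@ -373), the Javadoc kept as context still reads "the password string or null if no such node exists", but the new code returns `""` when the Password element is present with no text. I'd update it to something like `@return the password string, "" if the Password element is present but empty, or null if no such node exists`. The new check does not look at the password type, so an empty element of either text or digest type appears to take this path. Callers and callback handlers that treated any non-null result as "a password was supplied" now have to decide explicitly whether an empty password is acceptable for the user.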
@@ -69,6 +69,7 @@ public class TestWSSecurityNew5 extends + "</add>" + "</SOAP-ENV:Body>" + "</SOAP-ENV:Envelope>"; + private static final String SOAPUTMSG = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" " @@ -85,6 +86,24 @@ public class TestWSSecurityNew5 extends + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">" + "<value xmlns=\"\">15</value>" + "</add>" + "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>"; + private static final String EMPTY_PASSWORD_MSG = + "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" " + + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " + + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" + + "<SOAP-ENV:Header>" + + "<wsse:Security SOAP-ENV:mustUnderstand=\"1\" " + + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">" + + "<wsse:UsernameToken wsu:Id=\"UsernameToken-1\" " + + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" " + + "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + + "<wsse:Username>wernerd</wsse:Username>" + + "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\"/>" + + "</wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>" + + "<SOAP-ENV:Body>" + + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">" + + "<value xmlns=\"\">15</value>" + "</add>" + + "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>"; private WSSecurityEngine secEngine = new WSSecurityEngine(); private MessageContext msgContext; 
@@ -355,13 +374,26 @@ public class TestWSSecurityNew5 extends org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc); LOG.debug(outputString); } - try { - verify(signedDoc); - throw new Exception("Failure expected on an password"); - } catch (WSSecurityException ex) { - assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION); - // expected + verify(signedDoc); + } + + /** + * Test that processes a UserNameToken with an empty password + */ + public void testEmptyPasswordProcessing() throws Exception { + InputStream in = new ByteArrayInputStream(EMPTY_PASSWORD_MSG.getBytes()); + Message msg = new Message(in); + msg.setMessageContext(msgContext); + SOAPEnvelope utEnvelope = msg.getSOAPEnvelope(); + Document doc = utEnvelope.getAsDocument(); + if (LOG.isDebugEnabled()) { + LOG.debug("Empty password message: "); + String outputString = + org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc); + LOG.debug(outputString); } + + verify(doc); } /** @@ -616,6 +648,9 @@ public class TestWSSecurityNew5 extends return; } else if ("customUser".equals(pc.getIdentifier())) { return; + } else if ("wernerd".equals(pc.getIdentifier()) + && "".equals(pc.getPassword())) { + return; } else { throw new IOException("Authentication failed"); } --------------------------------------------------------------------- To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org For additional commands, e-mail: wss4j-dev-h...@ws.apache.org
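Review bot: The @@ -355 hunk drops the only negative assertion here (`ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION`), and both the modified test and the new `testEmptyPasswordProcessing` now pass merely because `verify(...)` does not throw. Since the callback hunk at @@ -616 accepts `wernerd` with `""`, I'd add a negative case in which an empty `<wsse:Password/>` is sent for a user whose expected password is non-empty and assert FAILED_AUTHENTICATION, so the new empty-string path cannot silently become an accepted login. Separately, `EMPTY_PASSWORD_MSG.getBytes()` uses the platform default charset although the message declares UTF-8; `EMPTY_PASSWORD_MSG.getBytes("UTF-8")` keeps the test deterministic. The modified test method begins outside the hunk, so what it sends is inferred from the removed failure message only.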