Author: coheigea
Date: Tue Jun 15 14:11:35 2010
New Revision: 954900
URL: http://svn.apache.org/viewvc?rev=954900&view=rev
Log:
[WSS-219] - Forward merged to trunk.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?rev=954900&r1=954899&r2=954900&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
Tue Jun 15 14:11:35 2010
@@ -388,7 +388,12 @@ public class UsernameToken {
* @return the password string or <code>null</code> if no such node exists.
*/
public String getPassword() {
- return nodeString(elementPassword);
+ String password = nodeString(elementPassword);
+ // See WSS-219
+ if (password == null && elementPassword != null) {
+ return "";
+ }
+ return password;
}
/**
@@ -545,7 +550,6 @@ public class UsernameToken {
}
}
return null;
-
}
/**
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java?rev=954900&r1=954899&r2=954900&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java Tue Jun 15
14:11:35 2010
@@ -62,6 +62,7 @@ public class TestWSSecurityNew5 extends
+ "</add>"
+ "</SOAP-ENV:Body>"
+ "</SOAP-ENV:Envelope>";
+
private static final String SOAPUTMSG =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<SOAP-ENV:Envelope
xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"; "
@@ -94,6 +95,24 @@ public class TestWSSecurityNew5 extends
+ "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\";>"
+ "<value xmlns=\"\">15</value>" + "</add>"
+ "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>";
+ private static final String EMPTY_PASSWORD_MSG =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ + "<SOAP-ENV:Envelope
xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"; "
+ + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"; "
+ + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\";>"
+ + "<SOAP-ENV:Header>"
+ + "<wsse:Security SOAP-ENV:mustUnderstand=\"1\" "
+ +
"xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\";>"
+ + "<wsse:UsernameToken wsu:Id=\"UsernameToken-1\" "
+ +
"xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\";
"
+ +
"xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\";>"
+ + "<wsse:Username>emptyuser</wsse:Username>"
+ + "<wsse:Password
Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\"/>"
+ + "</wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>"
+ + "<SOAP-ENV:Body>"
+ + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\";>"
+ + "<value xmlns=\"\">15</value>" + "</add>"
+ + "</SOAP-ENV:Body>\r\n \r\n" + "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
@@ -304,7 +323,13 @@ public class TestWSSecurityNew5 extends
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
- verify(doc);
+ try {
+ verify(doc);
+ throw new Exception("Failure expected on no password");
+ } catch (WSSecurityException ex) {
+ assertTrue(ex.getErrorCode() ==
WSSecurityException.FAILED_AUTHENTICATION);
+ // expected
+ }
}
/**
@@ -339,7 +364,7 @@ public class TestWSSecurityNew5 extends
public void testUsernameTokenEmptyPassword() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
- builder.setUserInfo("wernerd", "");
+ builder.setUserInfo("emptyuser", "");
LOG.info("Before adding UsernameToken with an empty password....");
Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
WSSecHeader secHeader = new WSSecHeader();
@@ -350,13 +375,22 @@ public class TestWSSecurityNew5 extends
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
- try {
- verify(signedDoc);
- throw new Exception("Failure expected on an password");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() ==
WSSecurityException.FAILED_AUTHENTICATION);
- // expected
+ verify(signedDoc);
+ }
+
+ /**
+ * Test that processes a UserNameToken with an empty password
+ */
+ public void testEmptyPasswordProcessing() throws Exception {
+ Document doc = SOAPUtil.toSOAPPart(EMPTY_PASSWORD_MSG);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Empty password message: ");
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
}
+
+ verify(doc);
}
/**
@@ -631,8 +665,7 @@ public class TestWSSecurityNew5 extends
} else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
&& "emptyuser".equals(pc.getIdentifier())) {
pc.setPassword("");
- }
- else if (
+ } else if (
pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN
) {
if ("customUser".equals(pc.getIdentifier())) {
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org
