1   /*
2    * Copyright 2002-2009 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j;
18  
19  import java.io.ByteArrayOutputStream;
20  import java.util.Iterator;
21  import java.util.Properties;
22  import javax.xml.namespace.QName;
23  
24  import org.springframework.ws.context.DefaultMessageContext;
25  import org.springframework.ws.context.MessageContext;
26  import org.springframework.ws.soap.SoapHeaderElement;
27  import org.springframework.ws.soap.SoapMessage;
28  import org.springframework.ws.soap.security.WsSecurityValidationException;
29  import org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler;
30  
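/**
 * Checks how {@link Wss4jSecurityInterceptor} treats SOAP headers: the WS-Security header must be consumed on
 * validation, an empty security header must be rejected, and application headers must survive both validation
 * and securement.
 *
 * <p>The class is abstract; the message factory and the loading helpers come from {@link Wss4jTestCase} and its
 * concrete subclasses. The user name and password used here are test fixtures only.
 */
public abstract class Wss4jMessageInterceptorHeaderTestCase extends Wss4jTestCase {

    /** Namespace of the WS-Security secext schema; no header in this namespace may remain after validation. */
    private static final String WSSE_NAMESPACE_URI =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** XPath of the WS-Security header inside a SOAP 1.1 envelope. */
    private static final String SECURITY_HEADER_XPATH = "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security";

    private Wss4jSecurityInterceptor interceptor;

    /**
     * Builds an interceptor that validates incoming UsernameTokens against a single in-memory user and is also
     * enabled for securing responses.
     */
    protected void onSetup() throws Exception {
        // Single fixture account; the password is compared by the simple callback handler below.
        Properties users = new Properties();
        users.setProperty("Bert", "Ernie");

        SimplePasswordValidationCallbackHandler callbackHandler = new SimplePasswordValidationCallbackHandler();
        callbackHandler.setUsers(users);

        interceptor = new Wss4jSecurityInterceptor();
        interceptor.setValidateRequest(true);
        interceptor.setSecureResponse(true);
        interceptor.setValidationActions("UsernameToken");
        interceptor.setValidationCallbackHandler(callbackHandler);
        interceptor.afterPropertiesSet();
    }

    /**
     * A valid UsernameToken message must pass validation, lose its Security header, and keep its other headers.
     */
    public void testValidateUsernameTokenPlainText() throws Exception {
        SoapMessage message = loadSoap11Message("usernameTokenPlainTextWithHeaders-soap.xml");
        MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
        interceptor.validateMessage(message, messageContext);
        Object result = getMessage(message);
        assertNotNull("No result returned", result);

        // Check through the SOAP header API first: nothing in the WS-Security namespace may be left behind.
        Iterator headerElements = message.getEnvelope().getHeader().examineAllHeaderElements();
        while (headerElements.hasNext()) {
            SoapHeaderElement element = (SoapHeaderElement) headerElements.next();
            QName name = element.getName();
            if (WSSE_NAMESPACE_URI.equals(name.getNamespaceURI())) {
                fail("Security Header not removed");
            }
        }

        // Then check the document view: Security header gone, application headers untouched.
        assertXpathNotExists("Security Header not removed", SECURITY_HEADER_XPATH, getDocument(message));
        assertXpathExists("header1 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header1", getDocument(message));
        assertXpathExists("header2 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header2", getDocument(message));
    }

    /**
     * A message whose Security header carries no token must be rejected rather than treated as validated.
     */
    public void testEmptySecurityHeader() throws Exception {
        SoapMessage message = loadSoap11Message("emptySecurityHeader-soap.xml");
        MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
        try {
            interceptor.validateMessage(message, messageContext);
            fail("validation must fail for an empty security header.");
        }
        catch (WsSecurityValidationException e) {
            // expected: an empty header must not count as successful authentication
        }
    }

    /**
     * Securing a message must keep the application headers that were already present, must allow further headers
     * to be added afterwards, and must actually produce a Security header.
     */
    public void testPreserveCustomHeaders() throws Exception {
        interceptor.setSecurementActions("UsernameToken");
        interceptor.setSecurementUsername("Bert");
        interceptor.setSecurementPassword("Ernie");

        // Baseline before securement: header1 is present, header2 is not.
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        SoapMessage message = loadSoap11Message("customHeader-soap.xml");
        MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
        message.writeTo(os);
        String document = os.toString("UTF-8");
        assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
                document);
        assertXpathNotExists("Header 2 exist", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2", document);

        interceptor.secureMessage(message, messageContext);

        SoapHeaderElement element = message.getSoapHeader().addHeaderElement(new QName("http://test", "header2"));
        element.setText("test2");

        os = new ByteArrayOutputStream();
        message.writeTo(os);
        document = os.toString("UTF-8");
        assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
                document);
        assertXpathEvaluatesTo("Header 2 does not exist", "test2", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2",
                document);

        // The message is written a second time with the same expectations.
        // NOTE(review): presumably this guards against serialization consuming the message - confirm.
        os = new ByteArrayOutputStream();
        message.writeTo(os);
        document = os.toString("UTF-8");
        assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
                document);
        assertXpathEvaluatesTo("Header 2 does not exist", "test2", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2",
                document);

        // Without this check the test would still pass if securement silently added nothing.
        assertXpathExists("Security Header not added", SECURITY_HEADER_XPATH, getDocument(message));
    }
}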