1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.springframework.ws.soap.security.wss4j;
18
19 import java.io.ByteArrayOutputStream;
20 import java.util.Iterator;
21 import java.util.Properties;
22 import javax.xml.namespace.QName;
23
24 import org.springframework.ws.context.DefaultMessageContext;
25 import org.springframework.ws.context.MessageContext;
26 import org.springframework.ws.soap.SoapHeaderElement;
27 import org.springframework.ws.soap.SoapMessage;
28 import org.springframework.ws.soap.security.WsSecurityValidationException;
29 import org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler;
30
31 public abstract class Wss4jMessageInterceptorHeaderTestCase extends Wss4jTestCase {
32
33 private Wss4jSecurityInterceptor interceptor;
34
35 protected void onSetup() throws Exception {
36 Properties users = new Properties();
37 users.setProperty("Bert", "Ernie");
38 interceptor = new Wss4jSecurityInterceptor();
39 interceptor.setValidateRequest(true);
40 interceptor.setSecureResponse(true);
41 interceptor.setValidationActions("UsernameToken");
42 SimplePasswordValidationCallbackHandler callbackHandler = new SimplePasswordValidationCallbackHandler();
43 callbackHandler.setUsers(users);
44 interceptor.setValidationCallbackHandler(callbackHandler);
45 interceptor.afterPropertiesSet();
46 }
47
48 public void testValidateUsernameTokenPlainText() throws Exception {
49 SoapMessage message = loadSoap11Message("usernameTokenPlainTextWithHeaders-soap.xml");
50 MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
51 interceptor.validateMessage(message, messageContext);
52 Object result = getMessage(message);
53 assertNotNull("No result returned", result);
54
55 for (Iterator i = message.getEnvelope().getHeader().examineAllHeaderElements(); i.hasNext();) {
56 SoapHeaderElement element = (SoapHeaderElement) i.next();
57 QName name = element.getName();
58 if (name.getNamespaceURI()
59 .equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")) {
60 fail("Security Header not removed");
61 }
62
63 }
64
65 assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security",
66 getDocument(message));
67 assertXpathExists("header1 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header1", getDocument(message));
68 assertXpathExists("header2 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header2", getDocument(message));
69
70 }
71
72 public void testEmptySecurityHeader() throws Exception {
73 SoapMessage message = loadSoap11Message("emptySecurityHeader-soap.xml");
74 MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
75 try {
76 interceptor.validateMessage(message, messageContext);
77 fail("validation must fail for an empty security header.");
78 }
79 catch (WsSecurityValidationException e) {
80
81 }
82 }
83
84 public void testPreserveCustomHeaders() throws Exception {
85 interceptor.setSecurementActions("UsernameToken");
86 interceptor.setSecurementUsername("Bert");
87 interceptor.setSecurementPassword("Ernie");
88
89 ByteArrayOutputStream os = new ByteArrayOutputStream();
90 SoapMessage message = loadSoap11Message("customHeader-soap.xml");
91 MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
92 message.writeTo(os);
93 String document = os.toString("UTF-8");
94 assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
95 document);
96 assertXpathNotExists("Header 2 exist", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2", document);
97
98 interceptor.secureMessage(message, messageContext);
99
100 SoapHeaderElement element = message.getSoapHeader().addHeaderElement(new QName("http://test", "header2"));
101 element.setText("test2");
102
103 os = new ByteArrayOutputStream();
104 message.writeTo(os);
105 document = os.toString("UTF-8");
106 assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
107 document);
108 assertXpathEvaluatesTo("Header 2 does not exist", "test2", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2",
109 document);
110
111 os = new ByteArrayOutputStream();
112 message.writeTo(os);
113 document = os.toString("UTF-8");
114 assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
115 document);
116 assertXpathEvaluatesTo("Header 2 does not exist", "test2", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2",
117 document);
118 }
119 }