1   /*
2    * Copyright 2005-2010 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j;
18  
19  import static org.junit.Assert.*;
20  
21  import java.io.ByteArrayOutputStream;
22  import java.util.Iterator;
23  import java.util.Properties;
24  
25  import javax.xml.namespace.QName;
26  
27  import org.junit.Test;
28  import org.springframework.ws.context.DefaultMessageContext;
29  import org.springframework.ws.context.MessageContext;
30  import org.springframework.ws.soap.SoapHeaderElement;
31  import org.springframework.ws.soap.SoapMessage;
32  import org.springframework.ws.soap.security.WsSecurityValidationException;
33  import org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler;
34  
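/**
 * Header-handling tests for {@link Wss4jSecurityInterceptor}: the WS-Security header must be consumed on
 * validation, a request whose security header cannot be validated must be rejected, and application headers
 * must survive both validation and securement.
 *
 * <p>The class is abstract; message loading and the message factory come from {@link Wss4jTestCase} and its
 * concrete subclasses (presumably one per SOAP implementation - confirm against the subclasses).
 */
public abstract class Wss4jMessageInterceptorHeaderTestCase extends Wss4jTestCase {

    /** Namespace URI used to recognise WS-Security header elements left behind after validation. */
    private static final String WSSE_NAMESPACE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    private Wss4jSecurityInterceptor interceptor;

    /**
     * Builds an interceptor that validates incoming {@code UsernameToken}s against an in-memory user store.
     *
     * <p>The single account ("Bert"/"Ernie") is a test fixture held in a {@link Properties} object; it is
     * the credential the request fixtures and the securement test below are expected to present.
     */
    @Override
    protected void onSetup() throws Exception {
        Properties users = new Properties();
        users.setProperty("Bert", "Ernie");

        SimplePasswordValidationCallbackHandler callbackHandler = new SimplePasswordValidationCallbackHandler();
        callbackHandler.setUsers(users);

        interceptor = new Wss4jSecurityInterceptor();
        interceptor.setValidateRequest(true);
        interceptor.setSecureResponse(true);
        interceptor.setValidationActions("UsernameToken");
        interceptor.setValidationCallbackHandler(callbackHandler);
        interceptor.afterPropertiesSet();
    }

    /**
     * A request carrying a username token next to two custom headers must validate, lose its
     * {@code wsse:Security} header, and keep {@code header1} and {@code header2}.
     *
     * <p>The removal is checked twice on purpose: once through the SOAP header API and once by XPath on the
     * DOM view of the message, so a header that is hidden in one view but still present in the other fails
     * the test.
     */
    @Test
    public void testValidateUsernameTokenPlainText() throws Exception {
        SoapMessage message = loadSoap11Message("usernameTokenPlainTextWithHeaders-soap.xml");
        MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
        interceptor.validateMessage(message, messageContext);
        Object result = getMessage(message);
        assertNotNull("No result returned", result);

        // No header element in the WS-Security namespace may remain once validation has run.
        Iterator<SoapHeaderElement> headerElements = message.getEnvelope().getHeader().examineAllHeaderElements();
        while (headerElements.hasNext()) {
            QName name = headerElements.next().getName();
            if (WSSE_NAMESPACE.equals(name.getNamespaceURI())) {
                fail("Security Header not removed");
            }
        }

        assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security",
                getDocument(message));
        assertXpathExists("header1 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header1", getDocument(message));
        assertXpathExists("header2 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header2", getDocument(message));
    }

    /**
     * Validation must fail closed: the fixture (by its name, a message whose security header is empty -
     * confirm against the resource) has to raise {@link WsSecurityValidationException} rather than be
     * accepted as an unauthenticated request.
     */
    @Test(expected = WsSecurityValidationException.class)
    public void testEmptySecurityHeader() throws Exception {
        SoapMessage message = loadSoap11Message("emptySecurityHeader-soap.xml");
        MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
        interceptor.validateMessage(message, messageContext);
    }

    /**
     * Securing an outgoing message must leave an existing custom header intact, must not prevent further
     * headers from being added afterwards, and must actually add the {@code wsse:Security} header.
     */
    @Test
    public void testPreserveCustomHeaders() throws Exception {
        interceptor.setSecurementActions("UsernameToken");
        interceptor.setSecurementUsername("Bert");
        interceptor.setSecurementPassword("Ernie");

        // Baseline before securement: header1 is present, header2 is not.
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        SoapMessage message = loadSoap11Message("customHeader-soap.xml");
        MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
        message.writeTo(os);
        String document = os.toString("UTF-8");
        assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
                document);
        assertXpathNotExists("Header 2 exist", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2", document);

        interceptor.secureMessage(message, messageContext);

        // A header added after securement must show up in the serialized message as well.
        SoapHeaderElement element = message.getSoapHeader().addHeaderElement(new QName("http://test", "header2"));
        element.setText("test2");

        os = new ByteArrayOutputStream();
        message.writeTo(os);
        document = os.toString("UTF-8");
        assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
                document);
        assertXpathEvaluatesTo("Header 2 does not exist", "test2", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2",
                document);

        // Serialize a second time and repeat the checks; presumably this guards against a message
        // implementation whose content changes after the first writeTo() - confirm the intent.
        os = new ByteArrayOutputStream();
        message.writeTo(os);
        document = os.toString("UTF-8");
        assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
                document);
        assertXpathEvaluatesTo("Header 2 does not exist", "test2", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2",
                document);

        // Without this check the test would also pass if secureMessage() left the message untouched,
        // i.e. if the outgoing message went out with its custom headers but no security header at all.
        assertXpathExists("Security Header not added", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security",
                getDocument(message));
    }
}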