1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.springframework.ws.soap.security.wss4j;
18
19 import static org.junit.Assert.*;
20
21 import java.io.ByteArrayOutputStream;
22 import java.util.Iterator;
23 import java.util.Properties;
24
25 import javax.xml.namespace.QName;
26
27 import org.junit.Test;
28 import org.springframework.ws.context.DefaultMessageContext;
29 import org.springframework.ws.context.MessageContext;
30 import org.springframework.ws.soap.SoapHeaderElement;
31 import org.springframework.ws.soap.SoapMessage;
32 import org.springframework.ws.soap.security.WsSecurityValidationException;
33 import org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler;
34
35 public abstract class Wss4jMessageInterceptorHeaderTestCase extends Wss4jTestCase {
36
37 private Wss4jSecurityInterceptor interceptor;
38
39 @Override
40 protected void onSetup() throws Exception {
41 Properties users = new Properties();
42 users.setProperty("Bert", "Ernie");
43 interceptor = new Wss4jSecurityInterceptor();
44 interceptor.setValidateRequest(true);
45 interceptor.setSecureResponse(true);
46 interceptor.setValidationActions("UsernameToken");
47 SimplePasswordValidationCallbackHandler callbackHandler = new SimplePasswordValidationCallbackHandler();
48 callbackHandler.setUsers(users);
49 interceptor.setValidationCallbackHandler(callbackHandler);
50 interceptor.afterPropertiesSet();
51 }
52
53 @Test
54 public void testValidateUsernameTokenPlainText() throws Exception {
55 SoapMessage message = loadSoap11Message("usernameTokenPlainTextWithHeaders-soap.xml");
56 MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
57 interceptor.validateMessage(message, messageContext);
58 Object result = getMessage(message);
59 assertNotNull("No result returned", result);
60
61 for (Iterator<SoapHeaderElement> i = message.getEnvelope().getHeader().examineAllHeaderElements(); i.hasNext();) {
62 SoapHeaderElement element = i.next();
63 QName name = element.getName();
64 if (name.getNamespaceURI()
65 .equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")) {
66 fail("Security Header not removed");
67 }
68
69 }
70
71 assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security",
72 getDocument(message));
73 assertXpathExists("header1 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header1", getDocument(message));
74 assertXpathExists("header2 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header2", getDocument(message));
75
76 }
77
78 @Test(expected=WsSecurityValidationException.class)
79 public void testEmptySecurityHeader() throws Exception {
80 SoapMessage message = loadSoap11Message("emptySecurityHeader-soap.xml");
81 MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
82 interceptor.validateMessage(message, messageContext);
83 }
84
85 @Test
86 public void testPreserveCustomHeaders() throws Exception {
87 interceptor.setSecurementActions("UsernameToken");
88 interceptor.setSecurementUsername("Bert");
89 interceptor.setSecurementPassword("Ernie");
90
91 ByteArrayOutputStream os = new ByteArrayOutputStream();
92 SoapMessage message = loadSoap11Message("customHeader-soap.xml");
93 MessageContext messageContext = new DefaultMessageContext(message, getSoap11MessageFactory());
94 message.writeTo(os);
95 String document = os.toString("UTF-8");
96 assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
97 document);
98 assertXpathNotExists("Header 2 exist", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2", document);
99
100 interceptor.secureMessage(message, messageContext);
101
102 SoapHeaderElement element = message.getSoapHeader().addHeaderElement(new QName("http://test", "header2"));
103 element.setText("test2");
104
105 os = new ByteArrayOutputStream();
106 message.writeTo(os);
107 document = os.toString("UTF-8");
108 assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
109 document);
110 assertXpathEvaluatesTo("Header 2 does not exist", "test2", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2",
111 document);
112
113 os = new ByteArrayOutputStream();
114 message.writeTo(os);
115 document = os.toString("UTF-8");
116 assertXpathEvaluatesTo("Header 1 does not exist", "test1", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header1",
117 document);
118 assertXpathEvaluatesTo("Header 2 does not exist", "test2", "/SOAP-ENV:Envelope/SOAP-ENV:Header/test:header2",
119 document);
120 }
121 }