1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.springframework.ws.soap.security.xwss;
18
19 import javax.security.auth.callback.Callback;
20 import javax.security.auth.callback.CallbackHandler;
21 import javax.xml.soap.SOAPMessage;
22
23 import com.sun.xml.wss.impl.callback.PasswordCallback;
24 import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
25 import com.sun.xml.wss.impl.callback.TimestampValidationCallback;
26 import com.sun.xml.wss.impl.callback.UsernameCallback;
27
28 import org.springframework.core.io.ClassPathResource;
29 import org.springframework.ws.soap.saaj.SaajSoapMessage;
30 import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
31
32 public class XwssMessageInterceptorUsernameTokenTest extends AbstractXwssMessageInterceptorTestCase {
33
34 public void testAddUsernameTokenDigest() throws Exception {
35 interceptor.setPolicyConfiguration(new ClassPathResource("usernameToken-digest-config.xml", getClass()));
36 CallbackHandler handler = new AbstractCallbackHandler() {
37
38 protected void handleInternal(Callback callback) {
39 if (callback instanceof UsernameCallback) {
40 ((UsernameCallback) callback).setUsername("Bert");
41 }
42 else if (callback instanceof PasswordCallback) {
43 PasswordCallback passwordCallback = (PasswordCallback) callback;
44 passwordCallback.setPassword("Ernie");
45 }
46 else {
47 fail("Unexpected callback");
48 }
49 }
50 };
51 interceptor.setCallbackHandler(handler);
52 interceptor.afterPropertiesSet();
53 SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
54 interceptor.secureMessage(message, null);
55 SOAPMessage result = message.getSaajMessage();
56 assertNotNull("No result returned", result);
57 assertXpathEvaluatesTo("Invalid Username", "Bert",
58 "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Username/text()", result);
59 assertXpathExists("Password does not exist",
60 "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Password[@Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest']",
61 result);
62 }
63
64 public void testAddUsernameTokenPlainText() throws Exception {
65 interceptor.setPolicyConfiguration(new ClassPathResource("usernameToken-plainText-config.xml", getClass()));
66 CallbackHandler handler = new AbstractCallbackHandler() {
67
68 protected void handleInternal(Callback callback) {
69 if (callback instanceof UsernameCallback) {
70 ((UsernameCallback) callback).setUsername("Bert");
71 }
72 else if (callback instanceof PasswordCallback) {
73 PasswordCallback passwordCallback = (PasswordCallback) callback;
74 passwordCallback.setPassword("Ernie");
75 }
76 else {
77 fail("Unexpected callback");
78 }
79 }
80 };
81 interceptor.setCallbackHandler(handler);
82 interceptor.afterPropertiesSet();
83 SaajSoapMessage message = loadSaajMessage("empty-soap.xml");
84 interceptor.secureMessage(message, null);
85 SOAPMessage result = message.getSaajMessage();
86 assertNotNull("No result returned", result);
87 assertXpathEvaluatesTo("Invalid Username", "Bert",
88 "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Username/text()", result);
89 assertXpathEvaluatesTo("Invalid Password", "Ernie",
90 "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/wsse:UsernameToken/wsse:Password[@Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText']/text()",
91 result);
92 }
93
94 public void testValidateUsernameTokenPlainText() throws Exception {
95 interceptor
96 .setPolicyConfiguration(new ClassPathResource("requireUsernameToken-plainText-config.xml", getClass()));
97 CallbackHandler handler = new AbstractCallbackHandler() {
98
99 protected void handleInternal(Callback callback) {
100 if (callback instanceof PasswordValidationCallback) {
101 PasswordValidationCallback validationCallback = (PasswordValidationCallback) callback;
102 validationCallback.setValidator(new PasswordValidationCallback.PasswordValidator() {
103 public boolean validate(PasswordValidationCallback.Request request) {
104 if (request instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
105 PasswordValidationCallback.PlainTextPasswordRequest passwordRequest =
106 (PasswordValidationCallback.PlainTextPasswordRequest) request;
107 assertEquals("Invalid username", "Bert", passwordRequest.getUsername());
108 assertEquals("Invalid password", "Ernie", passwordRequest.getPassword());
109 return true;
110 }
111 else {
112 fail("Unexpected request");
113 return false;
114 }
115 }
116 });
117 }
118 else {
119 fail("Unexpected callback");
120 }
121 }
122 };
123 interceptor.setCallbackHandler(handler);
124 interceptor.afterPropertiesSet();
125 SaajSoapMessage message = loadSaajMessage("usernameTokenPlainText-soap.xml");
126 interceptor.validateMessage(message, null);
127 SOAPMessage result = message.getSaajMessage();
128 assertNotNull("No result returned", result);
129 assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
130 }
131
132 public void testValidateUsernameTokenDigest() throws Exception {
133 interceptor.setPolicyConfiguration(new ClassPathResource("requireUsernameToken-digest-config.xml", getClass()));
134 CallbackHandler handler = new AbstractCallbackHandler() {
135
136 protected void handleInternal(Callback callback) {
137 if (callback instanceof PasswordValidationCallback) {
138 PasswordValidationCallback validationCallback = (PasswordValidationCallback) callback;
139 if (validationCallback.getRequest() instanceof PasswordValidationCallback.DigestPasswordRequest) {
140 PasswordValidationCallback.DigestPasswordRequest passwordRequest =
141 (PasswordValidationCallback.DigestPasswordRequest) validationCallback.getRequest();
142 assertEquals("Invalid username", "Bert", passwordRequest.getUsername());
143 passwordRequest.setPassword("Ernie");
144 validationCallback.setValidator(new PasswordValidationCallback.DigestPasswordValidator());
145 }
146 else {
147 fail("Unexpected request");
148 }
149 }
150 else if (callback instanceof TimestampValidationCallback) {
151 TimestampValidationCallback validationCallback = (TimestampValidationCallback) callback;
152 validationCallback.setValidator(new TimestampValidationCallback.TimestampValidator() {
153 public void validate(TimestampValidationCallback.Request request) {
154 }
155 });
156 }
157 else {
158 fail("Unexpected callback");
159 }
160 }
161 };
162 interceptor.setCallbackHandler(handler);
163 interceptor.afterPropertiesSet();
164 SaajSoapMessage message = loadSaajMessage("usernameTokenDigest-soap.xml");
165 interceptor.validateMessage(message, null);
166 SOAPMessage result = message.getSaajMessage();
167 assertNotNull("No result returned", result);
168 assertXpathNotExists("Security Header not removed", "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security", result);
169 }
170
171 }