ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1865470 - in /webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src: main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
Date Mon, 19 Aug 2019 15:39:48 GMT
Author: coheigea
Date: Mon Aug 19 15:39:47 2019
New Revision: 1865470

URL: http://svn.apache.org/viewvc?rev=1865470&view=rev
Log:
Better diagnostics ws-security-stax on empty password

Implements #WSS-653

Modified:
    webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
    webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java?rev=1865470&r1=1865469&r2=1865470&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/UsernameTokenOutputProcessor.java
Mon Aug 19 15:39:47 2019
@@ -77,7 +77,8 @@ public class UsernameTokenOutputProcesso
             }
 
             if (password == null && WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE
!= usernameTokenPasswordType) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
+                final Object[] args = {((WSSSecurityProperties) getSecurityProperties()).getTokenUser()
};
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noPassword",
args);
             }
 
             final String wsuId = IDGenerator.generateID(null);

Modified: webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java?rev=1865470&r1=1865469&r2=1865470&view=diff
==============================================================================
--- webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
(original)
+++ webservices/wss4j/branches/2_2_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/UsernameTokenTest.java
Mon Aug 19 15:39:47 2019
@@ -521,6 +521,38 @@ public class UsernameTokenTest extends A
     }
 
     @Test
+    public void testOutboundPW_TEXT_withEmptyPassword() throws Exception {
+        String transmitter = "sender";
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            List<WSSConstants.Action> actions = new ArrayList<>();
+            actions.add(WSSConstants.USERNAMETOKEN);
+            securityProperties.setActions(actions);
+            securityProperties.setTokenUser(transmitter);
+            securityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
+            securityProperties.setCallbackHandler(x -> {});
+
+            try {
+                OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+                XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, StandardCharsets.UTF_8.name(),
new ArrayList<SecurityEvent>());
+                XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+                XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+                xmlStreamWriter.close();
+                fail("Expecting an XMLStreamException");
+            } catch (XMLStreamException e) {
+                assertNotNull(e.getCause());
+                assertTrue(WSSecurityException.class.isAssignableFrom(e.getCause().getClass()));
+                WSSecurityException root = (WSSecurityException)e.getCause();
+                assertEquals(root.getErrorCode(), WSSecurityException.ErrorCode.FAILURE);
+                assertEquals("noPassword", root.getMsgID());
+                assertTrue(root.getMessage().contains(transmitter));
+            }
+        }
+    }
+
+    @Test
     public void testOutboundSign() throws Exception {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
 



Mime
View raw message