Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.ws.security.message
Class UsernameTokenTest

java.lang.Object
  extended by org.junit.Assert
      extended by org.apache.ws.security.message.UsernameTokenTest
All Implemented Interfaces:
javax.security.auth.callback.CallbackHandler
public class UsernameTokenTest
extends org.junit.Assert
implements javax.security.auth.callback.CallbackHandler

WS-Security Test Case for UsernameTokens.

Author:
Davanum Srinivas (dims@yahoo.com)

Constructor Summary
UsernameTokenTest()
           
 
Method Summary
 void handle(javax.security.auth.callback.Callback[] callbacks)
          A CallbackHandler for some (mostly insecure) scenarios.
 void testEmptyPasswordProcessing()
          Test that processes a UserNameToken with an empty password
 void testMultipleCreated()
          A test for sending multiple Created elements in the UsernameToken
 void testMultipleNonce()
          A test for sending multiple nonces in the UsernameToken
 void testMultiplePassword()
          A test for sending multiple passwords in the UsernameToken
 void testNonceBadEncodingType()
          A test for sending a nonce with a bad encoding type in the UsernameToken
 void testNullCreated()
          A test for WSS-66 - the created string is null http://issues.apache.org/jira/browse/WSS-66 "Possible security hole when PasswordDigest is used by client."
 void testNullNonce()
          A test for WSS-66 - the nonce string is null http://issues.apache.org/jira/browse/WSS-66 "Possible security hole when PasswordDigest is used by client."
 void testUsernameTokenBadDigest()
          Test that adds a UserNameToken with a bad password Digest to a WS-Security envelope
 void testUsernameTokenBadText()
          Test that adds a UserNameToken with (bad) password text to a WS-Security envelope
 void testUsernameTokenBadUsername()
          Test that a bad username with password digest does not leak whether the username is valid or not - see WSS-141.
 void testUsernameTokenCustomFail()
          Test with a non-standard token type.
 void testUsernameTokenCustomPass()
          Test with a non-standard password type.
 void testUsernameTokenDigest()
          Test that adds a UserNameToken with password Digest to a WS-Security envelope
 void testUsernameTokenDigestText()
          Test that adds a UserNameToken with a digested password but with type of password test.
 void testUsernameTokenEmptyPassword()
          Test that adds a UserNameToken with an empty password
 void testUsernameTokenNonceEncodingType()
          Test that verifies an EncodingType is set for the nonce.
 void testUsernameTokenNoPassword()
          Test that adds a UserNameToken with no password
 void testUsernameTokenNoPasswordType()
          Test that adds a UserNameToken with no password type to a WS-Security envelope See WSS-152 - https://issues.apache.org/jira/browse/WSS-152 "Problem with processing Username Tokens with no password type" The 1.1 spec states that the password type is optional and defaults to password text, and so we should handle an incoming Username Token accordingly.
 void testUsernameTokenNoUser()
          Test that adds a UserNameToken with no user (or password) to a WS-Security envelope See WSS-185 - https://issues.apache.org/jira/browse/WSS-185 "NullPointerException on empty UsernameToken"
 void testUsernameTokenText()
          Test that adds a UserNameToken with password text to a WS-Security envelope
 void testUsernameTokenWithEncodedPassword()
          Test that adds a UserNameToken with password Digest to a WS-Security envelope
 void testUsernameTokenWithEncodedPasswordBaseline()
          Test for encoded passwords.
 void testUsernameTokenWSHandler()
          Test that adds a UserNameToken via WSHandler
 void testUsernameTokenWSHandlerEmptyPassword()
          Test that adds a UserNameToken with an empty password via WSHandler
 void testUsernameTokenWSHandlerNoPassword()
          Test that adds a UserNameToken with no password via WSHandler
 
Methods inherited from class org.junit.Assert
assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertFalse, assertFalse, assertNotNull, assertNotNull, assertNotSame, assertNotSame, assertNull, assertNull, assertSame, assertSame, assertThat, assertThat, assertTrue, assertTrue, fail, fail
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UsernameTokenTest

public UsernameTokenTest()
Method Detail

testUsernameTokenDigest

public void testUsernameTokenDigest()
                             throws java.lang.Exception
Test that adds a UserNameToken with password Digest to a WS-Security envelope

Throws:
java.lang.Exception

testUsernameTokenWithEncodedPasswordBaseline

public void testUsernameTokenWithEncodedPasswordBaseline()
                                                  throws java.lang.Exception
Test for encoded passwords.

Throws:
java.lang.Exception

testUsernameTokenWithEncodedPassword

public void testUsernameTokenWithEncodedPassword()
                                          throws java.lang.Exception
Test that adds a UserNameToken with password Digest to a WS-Security envelope

Throws:
java.lang.Exception

testUsernameTokenBadUsername

public void testUsernameTokenBadUsername()
                                  throws java.lang.Exception
Test that a bad username with password digest does not leak whether the username is valid or not - see WSS-141.

Throws:
java.lang.Exception

testUsernameTokenBadDigest

public void testUsernameTokenBadDigest()
                                throws java.lang.Exception
Test that adds a UserNameToken with a bad password Digest to a WS-Security envelope

Throws:
java.lang.Exception

testUsernameTokenText

public void testUsernameTokenText()
                           throws java.lang.Exception
Test that adds a UserNameToken with password text to a WS-Security envelope

Throws:
java.lang.Exception

testUsernameTokenDigestText

public void testUsernameTokenDigestText()
                                 throws java.lang.Exception
Test that adds a UserNameToken with a digested password but with type of password test.

Throws:
java.lang.Exception

testUsernameTokenBadText

public void testUsernameTokenBadText()
                              throws java.lang.Exception
Test that adds a UserNameToken with (bad) password text to a WS-Security envelope

Throws:
java.lang.Exception

testUsernameTokenNoPasswordType

public void testUsernameTokenNoPasswordType()
                                     throws java.lang.Exception
Test that adds a UserNameToken with no password type to a WS-Security envelope See WSS-152 - https://issues.apache.org/jira/browse/WSS-152 "Problem with processing Username Tokens with no password type" The 1.1 spec states that the password type is optional and defaults to password text, and so we should handle an incoming Username Token accordingly.

Throws:
java.lang.Exception

testUsernameTokenNoUser

public void testUsernameTokenNoUser()
                             throws java.lang.Exception
Test that adds a UserNameToken with no user (or password) to a WS-Security envelope See WSS-185 - https://issues.apache.org/jira/browse/WSS-185 "NullPointerException on empty UsernameToken"

Throws:
java.lang.Exception

testUsernameTokenNoPassword

public void testUsernameTokenNoPassword()
                                 throws java.lang.Exception
Test that adds a UserNameToken with no password

Throws:
java.lang.Exception

testUsernameTokenEmptyPassword

public void testUsernameTokenEmptyPassword()
                                    throws java.lang.Exception
Test that adds a UserNameToken with an empty password

Throws:
java.lang.Exception

testEmptyPasswordProcessing

public void testEmptyPasswordProcessing()
                                 throws java.lang.Exception
Test that processes a UserNameToken with an empty password

Throws:
java.lang.Exception

testUsernameTokenCustomFail

public void testUsernameTokenCustomFail()
                                 throws java.lang.Exception
Test with a non-standard token type. This will fail as the default is to reject custom token types.

Throws:
java.lang.Exception

testUsernameTokenCustomPass

public void testUsernameTokenCustomPass()
                                 throws java.lang.Exception
Test with a non-standard password type. This will pass as the WSSConfig is configured to handle custom token types.

Throws:
java.lang.Exception

testNullNonce

public void testNullNonce()
                   throws java.lang.Exception
A test for WSS-66 - the nonce string is null http://issues.apache.org/jira/browse/WSS-66 "Possible security hole when PasswordDigest is used by client."

Throws:
java.lang.Exception

testNullCreated

public void testNullCreated()
                     throws java.lang.Exception
A test for WSS-66 - the created string is null http://issues.apache.org/jira/browse/WSS-66 "Possible security hole when PasswordDigest is used by client."

Throws:
java.lang.Exception

testUsernameTokenNonceEncodingType

public void testUsernameTokenNonceEncodingType()
                                        throws java.lang.Exception
Test that verifies an EncodingType is set for the nonce. See WSS-169.

Throws:
java.lang.Exception

testUsernameTokenWSHandler

public void testUsernameTokenWSHandler()
                                throws java.lang.Exception
Test that adds a UserNameToken via WSHandler

Throws:
java.lang.Exception

testUsernameTokenWSHandlerNoPassword

public void testUsernameTokenWSHandlerNoPassword()
                                          throws java.lang.Exception
Test that adds a UserNameToken with no password via WSHandler

Throws:
java.lang.Exception

testUsernameTokenWSHandlerEmptyPassword

public void testUsernameTokenWSHandlerEmptyPassword()
                                             throws java.lang.Exception
Test that adds a UserNameToken with an empty password via WSHandler

Throws:
java.lang.Exception

testMultipleNonce

public void testMultipleNonce()
                       throws java.lang.Exception
A test for sending multiple nonces in the UsernameToken

Throws:
java.lang.Exception

testMultipleCreated

public void testMultipleCreated()
                         throws java.lang.Exception
A test for sending multiple Created elements in the UsernameToken

Throws:
java.lang.Exception

testMultiplePassword

public void testMultiplePassword()
                          throws java.lang.Exception
A test for sending multiple passwords in the UsernameToken

Throws:
java.lang.Exception

testNonceBadEncodingType

public void testNonceBadEncodingType()
                              throws java.lang.Exception
A test for sending a nonce with a bad encoding type in the UsernameToken

Throws:
java.lang.Exception

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException
A CallbackHandler for some (mostly insecure) scenarios.

Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Throws:
java.io.IOException
javax.security.auth.callback.UnsupportedCallbackException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.