1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.message.token;
21  
22  import org.apache.ws.security.WSSecurityException;
23  import org.apache.ws.security.WSSecurityEngine;
24  import org.apache.ws.security.WSSConfig;
25  import org.apache.ws.security.common.SOAPUtil;
26  import org.apache.ws.security.common.UsernamePasswordCallbackHandler;
27  import org.w3c.dom.Document;
28  
29  import javax.security.auth.callback.CallbackHandler;
30  
31  
/**
 * A test-case for WSS-199 - "Add support for WCF non-standard Username Tokens"
 * (see also WSS-148 - "WCF interop issue: Namespace not honored incase of attributes.").
 * The issue is that WCF generated Username Tokens in which the Type attribute of the
 * Password element is (incorrectly) namespace qualified. WSS-199 added the ability to
 * process these Username Tokens.
 */
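public class WCFUsernameTokenTest extends org.junit.Assert {
    private static final org.apache.commons.logging.Log LOG = 
        org.apache.commons.logging.LogFactory.getLog(WCFUsernameTokenTest.class);

    /**
     * SOAP request fixture carrying a single UsernameToken. The Password element's
     * type is written as {@code wsse:Type} (a namespace-qualified attribute) with the
     * PasswordText profile URI, which is the non-standard form both tests exercise.
     * The username and password are dummy values that exist only for this test.
     */
    private static final String SOAPUTMSG = 
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" 
        + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" "
        + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" "
        + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
        + "<SOAP-ENV:Header>"
        + "<wsse:Security SOAP-ENV:mustUnderstand=\"1\" "
        + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
        + "<wsse:UsernameToken wsu:Id=\"UsernameToken-29477163\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
        + "<wsse:Username>wernerd</wsse:Username>"
        + "<wsse:Password " 
        + "wsse:Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">verySecret</wsse:Password>"
        + "</wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>"
        + "<SOAP-ENV:Body>" 
        + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">" 
        + "<value xmlns=\"\">15</value>" + "</add>" 
        + "</SOAP-ENV:Body>\r\n       \r\n" + "</SOAP-ENV:Envelope>";

    // Both collaborators are assigned once per test instance, hence final.
    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    // Supplies the credentials the engine asks for while processing the token.
    // NOTE(review): the handler's behaviour is defined outside this file - confirm it
    // knows the fixture's user.
    private final CallbackHandler callbackHandler = new UsernamePasswordCallbackHandler();

    /**
     * Gives the engine a configuration obtained from {@code WSSConfig.getNewInstance()}
     * with WS-I BSP compliance checking switched off.
     */
    public WCFUsernameTokenTest() {
        WSSConfig config = WSSConfig.getNewInstance();
        // NOTE(review): presumably disabled so that only the password-type handling
        // decides the outcome of each test - confirm against the BSP rules in WSS4J.
        config.setWsiBSPCompliant(false);
        secEngine.setWssConfig(config);
    }

    /**
     * Test that adds a UserNameToken with a namespace qualified type. This should fail
     * as WSS4J rejects these tokens by default.
     */
    @org.junit.Test
    public void testNamespaceQualifiedTypeRejected() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUTMSG);
        logMessage(doc);

        try {
            verify(doc);
            fail("Failure expected on a bad password type");
        } catch (WSSecurityException ex) {
            // expected
            // NOTE(review): any WSSecurityException satisfies this test. Asserting the
            // specific error code would show that the token was rejected because of its
            // password type and not because of an unrelated processing failure.
        }
    }

    /**
     * Test that adds a UserNameToken with a namespace qualified type. This should pass
     * as WSS4J has been configured to accept these tokens.
     */
    @org.junit.Test
    public void testNamespaceQualifiedTypeAccepted() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUTMSG);
        logMessage(doc);

        // Explicit opt-in: the relaxed parsing is enabled on this instance's config only.
        // NOTE(review): relies on getNewInstance() handing out an unshared config, so the
        // setting cannot leak into the "rejected" test - confirm.
        WSSConfig wssConfig = secEngine.getWssConfig();
        wssConfig.setAllowNamespaceQualifiedPasswordTypes(true);
        secEngine.setWssConfig(wssConfig);
        verify(doc);
    }

    /**
     * Writes the parsed request to the debug log; does nothing unless debug is enabled.
     * The dump includes the clear-text password from the fixture, which is acceptable
     * only because the fixture carries dummy credentials.
     *
     * @param doc the parsed SOAP message
     * @throws java.lang.Exception if the document cannot be rendered
     */
    private static void logMessage(Document doc) throws Exception {
        if (LOG.isDebugEnabled()) {
            // The fixture uses the PasswordText type, so the label says "Text"
            // (it previously read "Digest").
            LOG.debug("Message with UserNameToken PW Text:");
            String outputString = 
                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
            LOG.debug(outputString);
        }
    }

    /**
     * Verifies the soap envelope by running the security engine over its header.
     * Only the callback handler is supplied; the other two optional arguments are null.
     * 
     * @param doc the parsed SOAP message whose security header is processed
     * @throws java.lang.Exception Thrown when there is a problem in verification
     */
    private void verify(Document doc) throws Exception {
        LOG.info("Before verifying UsernameToken....");
        secEngine.processSecurityHeader(doc, null, callbackHandler, null);
        LOG.info("After verifying UsernameToken....");
    }

}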