Hi, I have come up with a draft proposal for the above GSoC project idea [1]. It would be really helpful if you can go through it and post some feedback and suggestions for possible improvements.
I think the section of " Estimated schedule" can be written in a more detailed manner. The problem I had was that I am not well aware of the workload and the complexity of each of these tests. So It was a bit hard to decide on which should be done first. Thanks in advance. best regards, / thilina On Sun, Mar 29, 2009 at 5:36 PM, Thilina Buddhika <thilin...@gmail.com>wrote: > Hi, > > Thanks for the reply. I will write to the axis-user list asking for more > ideas. I'll go through the references you have suggested first and then > start working on the proposal as the next step. > > I planning to study the existing tests[1] to get some more inputs to my > proposal. > > thanks. > > / thlina > > [1] - > http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-tests/src/test/java/org/apache/ > > On Sat, Mar 28, 2009 at 11:40 PM, Nandana Mihindukulasooriya < > nandana....@gmail.com> wrote: > >> Hi Thilina, >> Yes, That is one area in Rampart which needs improvements. These >> are some of areas I see which needs more tests. >> >> 1.) Binding level policy configuration >> If you are familiar with Axis2 you must probably know that Axis2 >> added the ability to apply binding level policies via services.xml in >> Axis2. According to WS - Security Policy specification, security >> policies should be at binding level and not in port type (service) >> level. But all the Rampart tests currently uses older configuration >> which applies policies at service level. So one improvements would be >> add tests which uses binding / binding operation / binding message >> level policies. This tutorial will provide more information on how to >> configure policies at these levels [1]. >> >> 2.) Tests for negative scenarios >> Rampart has very few tests for negative scenarios. As this is a >> major part of security testing, I think we need lot more test cases >> for negative scenarios.Some test cases would be, for no security >> header, empty security headers, wrong encrypted parts / signed parts >> etc. >> >> 3.) Improve tests to use code generated stubs, rather than service client >> Most of the tests use service client directly and not the stub >> generated from WSDL. I think we should have test which uses >> dynamically generates stubs from the WSDL. This will cover both WSDL >> generation aspect and code generation aspect when security policies >> are attached to the service. >> >> 4.) Test for policies attached at different levels >> This is extension to point 1.). In addition to binding level >> policies we need to add test cases for message level and operation >> level policies. >> >> 5.) Test cases for Secure MTOM scenarios >> This is also an area which is lacking test cases. >> >> These are the areas that popped in to my mind. I suggest you to write >> to axis-user list also with these ideas and get their feedback. They >> also might have areas that they want to see more test cases in >> Rampart. Tutorials here [2] will help you to get started. >> >> thanks, >> Nandana >> >> [1] - https://wso2.org/library/3786 >> [2] - http://ws.apache.org/rampart/articles.html >> >> On 3/28/09, Thilina Buddhika <thilin...@gmail.com> wrote: >> > Hi, >> > >> > I am Thilina Mahesh Buddhika, an undergraduate student from Sri Lanka. I >> am >> > interested in Apache Rampart project and willing to contribute to it and >> I >> > feel that GSoC is a good entry point. >> > >> > I would like to contribute to improve the rampart tests as my GSoC >> project. >> > I would like to add tests for the features and scenarios that do not >> have >> > tests at the moment. >> > >> > I hope this will be useful to Rampart and I would like to get some >> feedback >> > from the community about this idea. >> > >> > Thanks. >> > >> > / thilina. >> > >> > > > > -- > E-Mail : thilin...@gmail.com > I blog here : http://thilinamb.com > -- E-Mail : thilin...@gmail.com I blog here : http://thilinamb.com
