Author: coheigea
Date: Mon Dec 15 06:41:23 2008
New Revision: 726704

URL: http://svn.apache.org/viewvc?rev=726704&view=rev
Log:
[WSS-152] - Problem with processing Username Tokens with no password type
 - Added a test for this as well.
 - Some minor cleanups in the UsernameTokenProcessor.

Modified:
    
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java?rev=726704&r1=726703&r2=726704&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java
 Mon Dec 15 06:41:23 2008
@@ -143,8 +143,9 @@
             }
             return;
         }
-        if (elementPassword != null) {
-            passwordType = elementPassword.getAttribute("Type");
+        if (elementPassword != null 
+                && 
elementPassword.hasAttribute(WSConstants.PASSWORD_TYPE_ATTR)) {
+            passwordType = 
elementPassword.getAttribute(WSConstants.PASSWORD_TYPE_ATTR);
         }
         if (passwordType != null
                 && passwordType.equals(WSConstants.PASSWORD_DIGEST)) {
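Review bot: The new `hasAttribute` guard before `getAttribute(WSConstants.PASSWORD_TYPE_ATTR)` needs a comment saying why it is there. DOM `getAttribute` returns an empty string for a missing attribute, so without the guard `passwordType` would be `""` instead of null, and the `pwType != null` test added to UsernameTokenProcessor in this commit (which presumably reads this field) would never see the absent-Type case. I would add above the `if`: `// Leave passwordType null when Type is absent; null is treated as the PasswordText default`. An explicit `Type=""` still yields a non-null empty string that will not match PASSWORD_TEXT, which looks like the right fail-closed outcome but is worth stating. The enclosing method starts and ends outside this hunk.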

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java?rev=726704&r1=726703&r2=726704&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
 Mon Dec 15 06:41:23 2008
@@ -44,7 +44,8 @@
     private UsernameToken ut;
     private boolean handleCustomPasswordTypes;
     
-    public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, 
CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) 
throws WSSecurityException {
+    public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, 
CallbackHandler cb, 
+        WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws 
WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found UsernameToken list element");
         }
@@ -53,7 +54,7 @@
         Principal lastPrincipalFound = handleUsernameToken((Element) elem, cb);
         returnResults.add(0, new WSSecurityEngineResult(WSConstants.UT,
                 lastPrincipalFound, null, null, null));
-        utId = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
+        utId = ut.getID();
     }
 
     /**
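Review bot: `utId = ut.getID();` makes handleToken depend on the `ut` field having been assigned as a side effect of the preceding `handleUsernameToken` call, where the removed line read the id straight from `elem`. handleUsernameToken is public, so if the class can be subclassed, an override that does not set `ut` would presumably turn this line into a NullPointerException. A short comment such as `// ut is populated by handleUsernameToken above` would make the ordering requirement explicit. Since `ut` and `utId` are instance fields, it is also worth confirming that one processor instance is never used by concurrent requests.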
@@ -77,6 +78,12 @@
      */
     public WSUsernameTokenPrincipal handleUsernameToken(Element token, 
CallbackHandler cb) 
         throws WSSecurityException {
+        if (cb == null) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, 
"noCallback");
+        }
+        //
+        // Parse the UsernameToken element
+        //
         ut = new UsernameToken(token);
         String user = ut.getName();
         String password = ut.getPassword();
@@ -97,11 +104,8 @@
         // then delegate authentication to the callback handler
         //
         if (ut.isHashed()) {
-            if (cb == null) {
-                throw new WSSecurityException(WSSecurityException.FAILURE, 
"noCallback");
-            }
-
-            WSPasswordCallback pwCb = new WSPasswordCallback(user, 
WSPasswordCallback.USERNAME_TOKEN);
+            WSPasswordCallback pwCb = 
+                new WSPasswordCallback(user, 
WSPasswordCallback.USERNAME_TOKEN);
             callbacks[0] = pwCb;
             try {
                 cb.handle(callbacks);
@@ -136,9 +140,10 @@
             }
             ut.setRawPassword(origPassword);
         } else {
-            if (cb == null) {
-                throw new WSSecurityException(WSSecurityException.FAILURE, 
"noCallback");
-            } else if (!WSConstants.PASSWORD_TEXT.equals(pwType) && 
!handleCustomPasswordTypes) {
+            if (!WSConstants.PASSWORD_TEXT.equals(pwType) 
+                && pwType != null
+                && !handleCustomPasswordTypes
+            ) {
                 if (log.isDebugEnabled()) {
                     log.debug("Authentication failed as 
handleCustomUsernameTokenTypes is false");
                 }
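Review bot: The added `pwType != null` clause means a UsernameToken with no Type attribute is now accepted on the plaintext path even when `handleCustomPasswordTypes` is false, and nothing at the condition says that null is being treated as the PasswordText default. I would put `// A missing Type defaults to PasswordText (WSS-152); only an explicit non-text type is rejected here` above the `if`. The code that hands the password to the callback lies after this hunk, so please confirm it uses the same callback usage for a null `pwType` as for PASSWORD_TEXT; otherwise a handler that validates only the known-text usage might leave a no-Type token's password unchecked. The debug message names `handleCustomUsernameTokenTypes` while the field is `handleCustomPasswordTypes`, which makes the log line harder to match to configuration.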

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java?rev=726704&r1=726703&r2=726704&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew5.java Mon Dec 15 
06:41:23 2008
@@ -56,6 +56,22 @@
     private static Log log = LogFactory.getLog(TestWSSecurityNew5.class);
     static final String NS = "http://www.w3.org/2000/09/xmldsig#";;
     static final String soapMsg = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" 
+ "<SOAP-ENV:Envelope 
xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"; 
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\";>" + "<SOAP-ENV:Body>" + 
"<add xmlns=\"http://ws.apache.org/counter/counter_port_type\";>" + "<value 
xmlns=\"\">15</value>" + "</add>" + "</SOAP-ENV:Body>\r\n       \r\n" + 
"</SOAP-ENV:Envelope>";
+    static final String soapUtMsg = 
+        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" 
+        + "<SOAP-ENV:Envelope 
xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"; "
+        + "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"; "
+        + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\";>"
+        + "<SOAP-ENV:Header>"
+        + "<wsse:Security SOAP-ENV:mustUnderstand=\"1\" "
+        + 
"xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\";>"
+        + "<wsse:UsernameToken wsu:Id=\"UsernameToken-29477163\" 
xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\";>"
+        + "<wsse:Username>wernerd</wsse:Username>"
+        + "<wsse:Password>verySecret</wsse:Password>"
+        + "</wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>"
+        + "<SOAP-ENV:Body>" 
+        + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\";>" 
+        + "<value xmlns=\"\">15</value>" + "</add>" 
+        + "</SOAP-ENV:Body>\r\n       \r\n" + "</SOAP-ENV:Envelope>";
     static final WSSecurityEngine secEngine = new WSSecurityEngine();
     MessageContext msgContext;
     SOAPEnvelope unsignedEnvelope;
@@ -274,6 +290,26 @@
     }
     
     /**
+     * Test that adds a UserNameToken with no password type to a WS-Security 
envelope
+     * See WSS-152 - https://issues.apache.org/jira/browse/WSS-152
+     * "Problem with processing Username Tokens with no password type"
+     * The 1.1 spec states that the password type is optional and defaults to 
password text, 
+     * and so we should handle an incoming Username Token accordingly.
+     */
+    public void testUsernameTokenNoPasswordType() throws Exception {
+        InputStream in = new ByteArrayInputStream(soapUtMsg.getBytes());
+        Message msg = new Message(in);
+        msg.setMessageContext(msgContext);
+        SOAPEnvelope utEnvelope = msg.getSOAPEnvelope();
+        Document doc = utEnvelope.getAsDocument();
+        if (log.isDebugEnabled()) {
+            Message utMsg = SOAPUtil.toAxisMessage(doc);
+            XMLUtils.PrettyElementToWriter(utMsg.getSOAPEnvelope().getAsDOM(), 
new PrintWriter(System.out));
+        }
+        verify(doc);
+    }
+    
+    /**
      * Test with a null token type. This will fail as the default is to reject 
custom
      * token types.
      * <p/>
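Review bot: `testUsernameTokenNoPasswordType` only shows that a no-Type token carrying the expected password passes `verify(doc)`. The commit relaxes an authentication check, so the rejecting side should be pinned as well. The next test appears to cover a custom token type, so what is missing is a case that sends the same no-Type envelope with a wrong password and expects a WSSecurityException, assuming the test callback handler compares passwords. Separately, `soapUtMsg.getBytes()` uses the platform default charset although the document declares UTF-8; `soapUtMsg.getBytes("UTF-8")` keeps the fixture stable across platforms. What `verify` asserts is not visible in this hunk.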


