[CXF-5540] - Add a flag to return the security cause error in a SOAP …
…Fault

git-svn-id: https://svn.apache.org/repos/asf/cxf/trunk@1564386 13f79535-47bb-0310-9956-ffa450edef68
coheigea committed Feb 4, 2014
1 parent b2d38cf commit 1d884dc801901c2f343582651fc5aca05d81f24a
Showing 7 changed files with 99 additions and 5 deletions.
@@ -202,6 +202,12 @@ public final class SecurityConstants {
public static final String ENABLE_STREAMING_SECURITY =
"ws-security.enable.streaming";

/**
* Whether to return the security error message to the client, and not one of the default error
* QNames. The default is false.
*/
public static final String RETURN_SECURITY_ERROR = "ws-security.return.security.error";

//
// Non-boolean WS-Security Configuration parameters
//
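Review bot: The Javadoc on RETURN_SECURITY_ERROR says the alternative is "one of the default error QNames", but what the flag actually switches is the fault string: in createSoapFault in this same commit the fault code QName is still taken from e.getFaultCode() either way. Suggest rewording to `* Whether to return the underlying WSSecurityException message to the client as the fault string, instead of the generic "safe" message. Enabling this reveals details of the server's security processing to unauthenticated callers, so it is intended for trusted or test deployments only. The default is false.` That makes the information-disclosure trade-off explicit at the one place where users look the property up.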
@@ -542,7 +548,7 @@ public final class SecurityConstants {
STS_TOKEN_PROPERTIES, STS_TOKEN_USERNAME, STS_TOKEN_ACT_AS, STS_TOKEN_ON_BEHALF_OF,
TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND,
ASYMMETRIC_SIGNATURE_ALGORITHM, PASSWORD_ENCRYPTOR_INSTANCE, ENABLE_SAML_ONE_TIME_USE_CACHE,
SAML_ONE_TIME_USE_CACHE_INSTANCE, ENABLE_STREAMING_SECURITY
SAML_ONE_TIME_USE_CACHE_INSTANCE, ENABLE_STREAMING_SECURITY, RETURN_SECURITY_ERROR
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
@@ -310,7 +310,7 @@ public void handleMessage(SoapMessage msg) throws Fault {
msg.put(SECURITY_PROCESSED, Boolean.TRUE);

} catch (WSSecurityException e) {
throw createSoapFault(version, e);
throw createSoapFault(msg, version, e);
} catch (XMLStreamException e) {
throw new SoapFault(new Message("STAX_EX", LOG), e, version.getSender());
} catch (SOAPException e) {
@@ -799,9 +799,18 @@ protected ReplayCache getReplayCache(
* as the fault code from the WSSecurityException.
*/
private SoapFault
createSoapFault(SoapVersion version, WSSecurityException e) {
createSoapFault(SoapMessage message, SoapVersion version, WSSecurityException e) {
SoapFault fault;
String errorMessage = e.getSafeExceptionMessage();

String errorMessage = null;
boolean returnSecurityError =
MessageUtils.getContextualBoolean(message, SecurityConstants.RETURN_SECURITY_ERROR, false);
if (returnSecurityError) {
errorMessage = e.getMessage();
} else {
errorMessage = e.getSafeExceptionMessage();
}

javax.xml.namespace.QName faultCode = e.getFaultCode();
if (version.getVersion() == 1.1 && faultCode != null) {
fault = new SoapFault(errorMessage, e, faultCode);
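Review bot: The Javadoc of createSoapFault (its opening lines are above this hunk) is not updated for the new `message` parameter or for the fact that the fault string now depends on a contextual property; add `@param message the current message, consulted for the {@code SecurityConstants.RETURN_SECURITY_ERROR} contextual property` plus a sentence stating that when that property is true the raw WSSecurityException message is returned to the client, otherwise the safe message. `String errorMessage = null;` followed by the if/else can be a single `final String errorMessage = returnSecurityError ? e.getMessage() : e.getSafeExceptionMessage();`. If getMessage() can be null for some WSSecurityException constructors (not visible here, worth confirming), falling back to getSafeExceptionMessage() in that case would avoid an empty fault string. The method continues past the end of the hunk.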
@@ -107,6 +107,42 @@ public static void cleanup() throws Exception {
stopAllServers();
}

@org.junit.Test
public void testSymmetricErrorMessage() throws Exception {

SpringBusFactory bf = new SpringBusFactory();
URL busFile = X509TokenTest.class.getResource("client.xml");

Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);

URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItSymmetricErrorMessagePort");
DoubleItPortType x509Port =
service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(x509Port, test.getPort());

if (test.isStreaming()) {
SecurityTestUtil.enableStreaming(x509Port);
}

// TODO Wait until we pick up WSS4J 2.0.0-SNAPSHOT again
if (PORT.equals(test.getPort())) {
try {
x509Port.doubleIt(25);
fail("Failure expected on an incorrect key");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
String error = "No certificates were found for decryption";
assertTrue(ex.getMessage().contains(error));
}
}

((java.io.Closeable)x509Port).close();
bus.shutdown(true);
}

@org.junit.Test
public void testKeyIdentifier() throws Exception {

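Review bot: The assertion block in testSymmetricErrorMessage runs only when `PORT.equals(test.getPort())`, so for the streaming server the test passes without exercising anything, even though stax-server.xml in this commit also sets ws-security.return.security.error=true; an `org.junit.Assume` guard, or a TODO naming the tracking issue, would make that skip visible instead of silent. There is also no test pinning the default: a call against a port whose endpoint does not set the property, asserting that the fault message does not contain the raw "No certificates were found for decryption" text, would guard the safe default against regressing, which is the security-relevant half of this feature. `((java.io.Closeable)x509Port).close()` and `bus.shutdown(true)` run only if no assertion fails; a finally block would avoid leaking the port when the test fails. testKeyIdentifier's body continues outside the hunk.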
@@ -18,7 +18,25 @@
under the License.
-->
<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802" name="DoubleIt" targetNamespace="http://www.example.org/contract/DoubleIt">
<wsdl:import location="src/test/resources/DoubleItLogical.wsdl" namespace="http://www.example.org/contract/DoubleIt"/>
<wsdl:import location="src/test/resources/DoubleItLogical.wsdl" namespace="http://www.example.org/contract/DoubleIt"/>
<wsdl:binding name="DoubleItSymmetricErrorMessageBinding" type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItKeyIdentifierPolicy"/>
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="DoubleIt">
<soap:operation soapAction=""/>
<wsdl:input>
<soap:body use="literal"/>
<wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
<wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
</wsdl:output>
<wsdl:fault name="DoubleItFault">
<soap:body use="literal" name="DoubleItFault"/>
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="DoubleItKeyIdentifierBinding" type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItKeyIdentifierPolicy"/>
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
@@ -553,6 +571,10 @@
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItSymmetricErrorMessagePort"
binding="tns:DoubleItSymmetricErrorMessageBinding">
<soap:address location="http://localhost:9001/DoubleItX509SymmetricErrorMessage"/>
</wsdl:port>
<wsdl:port name="DoubleItKeyIdentifierPort" binding="tns:DoubleItKeyIdentifierBinding">
<soap:address location="http://localhost:9001/DoubleItX509KeyIdentifier"/>
</wsdl:port>
@@ -24,6 +24,12 @@
<cxf:logging/>
</cxf:features>
</cxf:bus>
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetricErrorMessagePort" createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.encryption.properties" value="bob.properties"/>
<entry key="ws-security.encryption.username" value="bob"/>
</jaxws:properties>
</jaxws:client>
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItKeyIdentifierPort" createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.encryption.properties" value="bob.properties"/>
@@ -47,6 +47,13 @@
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricErrorMessage" address="http://localhost:${testutil.ports.Server}/DoubleItX509SymmetricErrorMessage" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricErrorMessagePort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
<jaxws:properties>
<entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
<entry key="ws-security.signature.properties" value="alice.properties"/>
<entry key="ws-security.return.security.error" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="KeyIdentifier" address="http://localhost:${testutil.ports.Server}/DoubleItX509KeyIdentifier" serviceName="s:DoubleItService" endpointName="s:DoubleItKeyIdentifierPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
<jaxws:properties>
<entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
@@ -47,6 +47,14 @@
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricErrorMessage" address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509SymmetricErrorMessage" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricErrorMessagePort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
<jaxws:properties>
<entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
<entry key="ws-security.signature.properties" value="alice.properties"/>
<entry key="ws-security.return.security.error" value="true"/>
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="KeyIdentifier" address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509KeyIdentifier" serviceName="s:DoubleItService" endpointName="s:DoubleItKeyIdentifierPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
<jaxws:properties>
<entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
