Author: veithen Date: Sat Aug 25 07:33:18 2012 New Revision: 1377230 URL: http://svn.apache.org/viewvc?rev=1377230&view=rev Log: RAMPART-358: Fixed the security fault detection code.
Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java (with props) axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml (with props) axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml (with props) axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml (with props) Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1377230&r1=1377229&r2=1377230&view=diff ============================================================================== --- 
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java Sat Aug 25 07:33:18 2012 @@ -16,13 +16,8 @@ package org.apache.rampart; -import org.apache.axiom.soap.SOAP11Constants; -import org.apache.axiom.soap.SOAP12Constants; import org.apache.axiom.soap.SOAPEnvelope; import org.apache.axiom.soap.SOAPFault; -import org.apache.axiom.soap.SOAPFaultCode; -import org.apache.axiom.soap.SOAPFaultSubCode; -import org.apache.axiom.soap.SOAPFaultValue; import org.apache.axiom.soap.SOAPHeader; import org.apache.axiom.soap.SOAPHeaderBlock; import org.apache.axis2.AxisFault; 
@@ -290,41 +285,7 @@ public class RampartEngine { private boolean isSecurityFault(RampartMessageData rmd) { - - SOAPEnvelope soapEnvelope = rmd.getMsgContext().getEnvelope(); - SOAPFault soapFault = soapEnvelope.getBody().getFault(); - - // This is not a soap fault - if (soapFault == null) { - return false; - } - - String soapVersionURI = rmd.getMsgContext().getEnvelope().getNamespace().getNamespaceURI(); - SOAPFaultCode faultCode = soapFault.getCode(); - if(faultCode == null){ - //If no fault code is given, then it can't be security fault - return false; - } - - if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) { - // This is a fault processing the security header - if (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) { - return true; - } - } else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) { - // TODO AXIOM API returns only one fault sub code, there can be many - SOAPFaultSubCode faultSubCode = faultCode.getSubCode(); - if (faultSubCode != null) { - SOAPFaultValue faultSubCodeValue = faultSubCode.getValue(); - - // This is a fault processing the security header - if (faultSubCodeValue != null && faultSubCodeValue.getTextAsQName(). - getNamespaceURI().equals(WSConstants.WSSE_NS)) { - return true; - } - } - } - - return false; + SOAPFault soapFault = rmd.getMsgContext().getEnvelope().getBody().getFault(); + return soapFault == null ? 
false : RampartUtil.isSecurityFault(soapFault); } } Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=1377230&r1=1377229&r2=1377230&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java Sat Aug 25 07:33:18 2012 
@@ -1897,4 +1897,31 @@ public class RampartUtil { return SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder()); } + /** + * Check if the given SOAP fault reports a security fault. + * + * @param fault + * the SOAP fault; must not be <code>null</code> + * @return <code>true</code> if the fault is a security fault; <code>false</code> otherwise + */ + public static boolean isSecurityFault(SOAPFault fault) { + String soapVersionURI = fault.getNamespaceURI(); + SOAPFaultCode code = fault.getCode(); + if (code == null) { + // If no fault code is given, then it can't be security fault + return false; + } else if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) { + return isSecurityFaultCode(code); + } else { + // For SOAP 1.2 security faults, the fault code is env:Sender, and the security fault code is + // specified in the subcode + SOAPFaultSubCode subCode = code.getSubCode(); + return subCode == null ? false : isSecurityFaultCode(subCode); + } + } + + private static boolean isSecurityFaultCode(SOAPFaultClassifier code) { + QName value = code.getValueAsQName(); + return value == null ? false : value.getNamespaceURI().equals(WSConstants.WSSE_NS); + } } Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java?rev=1377230&view=auto ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java (added) +++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java Sat Aug 25 07:33:18 2012 
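Review bot: The Javadoc on `isSecurityFault(SOAPFault)` should state that the result is decided only by the namespace URI of the fault code (the subcode in the `else` branch), which is content supplied by whoever sent the message. If callers use the result to decide how much security processing a fault message gets (the call site in `RampartEngine` is only partly visible in this commit), add a sentence such as `The result is derived from unauthenticated fault content; callers must not treat it as evidence about the sender.` Separately, `soapVersionURI.equals(...)` would throw if `getNamespaceURI()` ever returned null, and the `else` branch treats every non-SOAP-1.1 namespace as SOAP 1.2. Writing `SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(soapVersionURI)` and comparing explicitly against `SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI` before reading the subcode would keep the strictness of the removed code. The `x == null ? false : y` returns here and in the `RampartEngine` hunk read more simply as `x != null && y`.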
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rampart.util;
+
+import junit.framework.TestCase;
+
+import org.apache.axiom.om.OMXMLBuilderFactory;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public class RampartUtilTest extends TestCase {
+ public void testIsSecurityFaultSOAP11() {
+ SOAPEnvelope env = OMXMLBuilderFactory.createSOAPModelBuilder(
+ RampartUtilTest.class.getResourceAsStream("soap11-security-fault.xml"), null).getSOAPEnvelope();
+ assertTrue(RampartUtil.isSecurityFault(env.getBody().getFault()));
+ }
+
+ public void testIsSecurityFaultSOAP12() {
+ SOAPEnvelope env = OMXMLBuilderFactory.createSOAPModelBuilder(
+ RampartUtilTest.class.getResourceAsStream("soap12-security-fault.xml"), null).getSOAPEnvelope();
+ assertTrue(RampartUtil.isSecurityFault(env.getBody().getFault()));
+ }
+
+ public void testIsSecurityFaultSOAP11Invalid() {
+ SOAPEnvelope env = OMXMLBuilderFactory.createSOAPModelBuilder(
+ RampartUtilTest.class.getResourceAsStream("soap11-invalid-fault.xml"), null).getSOAPEnvelope();
+ assertFalse(RampartUtil.isSecurityFault(env.getBody().getFault()));
+ }
+}
Propchange: 
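Review bot: The tests cover only one `false` path, a SOAP 1.1 fault code that is not a QName (`testIsSecurityFaultSOAP11Invalid`). Nothing covers a SOAP 1.2 fault whose subcode is missing or lies outside the WSSE namespace, or a fault with no code at all, which are the remaining branches of `RampartUtil.isSecurityFault`. Because a wrong `true` changes how a fault message is classified, I would add cases such as `testIsSecurityFaultSOAP12NonSecurity` and `testIsSecurityFaultNoCode`, each asserting `assertFalse(...)` against a matching fixture. A shared helper that loads a fault by resource name would also remove the three-fold repetition of the builder call.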
axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/util/RampartUtilTest.java ------------------------------------------------------------------------------ svn:eol-style = native Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml?rev=1377230&view=auto ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml (added) +++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml Sat Aug 25 07:33:18 2012 
@@ -0,0 +1,9 @@
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+ <env:Header/>
+ <env:Body>
+ <env:Fault>
+ <faultcode>{HATA KODU:}K060</faultcode>
+ <faultstring>...</faultstring>
+ </env:Fault>
+ </env:Body>
+</env:Envelope>
Propchange: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-invalid-fault.xml ------------------------------------------------------------------------------ svn:eol-style = native Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml?rev=1377230&view=auto ==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml (added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml Sat Aug 25 07:33:18 2012 
@@ -0,0 +1,10 @@
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+ <env:Header/>
+ <env:Body>
+ <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <faultcode>ns0:InvalidSecurity</faultcode>
+ <faultstring>InvalidSecurity : error in processing the WS-Security security header</faultstring>
+ <faultactor/>
+ </env:Fault>
+ </env:Body>
+</env:Envelope>
Propchange: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap11-security-fault.xml ------------------------------------------------------------------------------ svn:eol-style = native Added: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml?rev=1377230&view=auto ==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml (added)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml Sat Aug 25 07:33:18 2012 
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
+ <soapenv:Body>
+ <soapenv:Fault>
+ <soapenv:Code>
+ <soapenv:Value>soapenv:Sender</soapenv:Value>
+ <soapenv:Subcode>
+ <soapenv:Value xmlns:axis2ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">axis2ns1:FailedAuthentication</soapenv:Value>
+ </soapenv:Subcode>
+ </soapenv:Code>
+ <soapenv:Reason>
+ <soapenv:Text>CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS7062E: Failed to check username [user1] and password in the UserRegsitry: WSSUserRegistryProcessor.checkRegistry()=false</soapenv:Text>
+ </soapenv:Reason>
+ <soapenv:Detail></soapenv:Detail>
+ </soapenv:Fault>
+ </soapenv:Body>
+</soapenv:Envelope>
\ No newline at end of file
Propchange: axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/util/soap12-security-fault.xml ------------------------------------------------------------------------------ svn:eol-style = native