Java Code Examples for javax.xml.parsers.DocumentBuilder#setEntityResolver()
The following examples show how to use
javax.xml.parsers.DocumentBuilder#setEntityResolver() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: EntitlementUtil.java From carbon-identity with Apache License 2.0 | 6 votes |
|
/**
* * This method provides a secured document builder which will secure XXE attacks.
*
* @param setIgnoreComments whether to set setIgnoringComments in DocumentBuilderFactory.
* @return DocumentBuilder
* @throws ParserConfigurationException
*/
private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments) throws
ParserConfigurationException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setIgnoringComments(setIgnoreComments);
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
documentBuilderFactory.setFeature(EXTERNAL_GENERAL_ENTITIES_URI, false);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
documentBuilder.setEntityResolver(new CarbonEntityResolver());
return documentBuilder;
}
Example 2
| Source File: DDProvider.java From netbeans with Apache License 2.0 | 6 votes |
|
/**
* Returns the root of deployment descriptor bean graph for java.io.File object.
*
* @param inputSource source representing the ejb-jar.xml file
* @return EjbJar object - root of the deployment descriptor bean graph
*/
public EjbJar getDDRoot(InputSource inputSource) throws IOException, SAXException {
ErrorHandler errorHandler = new ErrorHandler();
DocumentBuilder parser = createParser(errorHandler);
parser.setEntityResolver(DDResolver.getInstance());
Document document = parser.parse(inputSource);
SAXParseException error = errorHandler.getError();
String version = extractVersion(document);
EjbJar original = createEjbJar(version, document);
EjbJarProxy ejbJarProxy = new EjbJarProxy(original, version);
ejbJarProxy.setError(error);
if (error != null) {
ejbJarProxy.setStatus(EjbJar.STATE_INVALID_PARSABLE);
} else {
ejbJarProxy.setStatus(EjbJar.STATE_VALID);
}
return ejbJarProxy;
}
Example 3
| Source File: XMLUtil.java From util with Apache License 2.0 | 5 votes |
|
/**
* 根据流生成xml dom
* @param is 流
* @throws ParserConfigurationException
* @throws IOException
* @throws SAXException
*/
public XMLUtil(InputSource is) throws ParserConfigurationException, SAXException, IOException{
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
//不检查DTD
db.setEntityResolver( new EntityResolver() {
public InputSource resolveEntity(String publicId, String systemId)
throws SAXException, IOException {
return new InputSource(new StringReader(""));
}
}
);
//读取文件
doc=db.parse(is);
}
Example 4
| Source File: XmlUtil.java From HtmlUnit-Android with Apache License 2.0 | 5 votes |
|
/**
* Builds a document from the content of the web response.
* A warning is logged if an exception is thrown while parsing the XML content
* (for instance when the content is not a valid XML and can't be parsed).
*
* @param webResponse the response from the server
* @throws IOException if the page could not be created
* @return the parse result
* @throws SAXException if the parsing fails
* @throws ParserConfigurationException if a DocumentBuilder cannot be created
*/
public static Document buildDocument(final WebResponse webResponse)
throws IOException, SAXException, ParserConfigurationException {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
if (webResponse == null) {
return factory.newDocumentBuilder().newDocument();
}
factory.setNamespaceAware(true);
final InputStreamReader reader = new InputStreamReader(
new BOMInputStream(webResponse.getContentAsStream()),
webResponse.getContentCharset());
// we have to do the blank input check and the parsing in one step
final TrackBlankContentReader tracker = new TrackBlankContentReader(reader);
final InputSource source = new InputSource(tracker);
final DocumentBuilder builder = factory.newDocumentBuilder();
builder.setErrorHandler(DISCARD_MESSAGES_HANDLER);
builder.setEntityResolver(new EntityResolver() {
@Override
public InputSource resolveEntity(final String publicId, final String systemId)
throws SAXException, IOException {
return new InputSource(new StringReader(""));
}
});
try {
// this closes the input source/stream
return builder.parse(source);
}
catch (final SAXException e) {
if (tracker.wasBlank()) {
return factory.newDocumentBuilder().newDocument();
}
throw e;
}
}
Example 5
| Source File: XMLUnit.java From xmlunit with Apache License 2.0 | 5 votes |
|
/**
* Get the <code>DocumentBuilder</code> instance used to parse the control
* XML in an XMLTestCase.
* @return parser for control values
* @throws ConfigurationException
*/
public static DocumentBuilder newControlParser()
throws ConfigurationException {
try {
controlBuilderFactory = getControlDocumentBuilderFactory();
DocumentBuilder builder =
controlBuilderFactory.newDocumentBuilder();
if (controlEntityResolver!=null) {
builder.setEntityResolver(controlEntityResolver);
}
return builder;
} catch (ParserConfigurationException ex) {
throw new ConfigurationException(ex);
}
}
Example 6
| Source File: XmlConfigurator.java From gemfirexd-oss with Apache License 2.0 | 5 votes |
|
protected static XmlConfigurator parse(InputStream stream) throws java.io.IOException {
/**
* CAUTION: crappy code ahead ! I (bela) am not an XML expert, so the code below is pretty amateurish...
* But it seems to work, and it is executed only on startup, so no perf loss on the critical path.
* If somebody wants to improve this, please be my guest.
*/
try {
DocumentBuilderFactory factory=DocumentBuilderFactory.newInstance();
factory.setValidating(false); //for now
DocumentBuilder builder=factory.newDocumentBuilder();
builder.setEntityResolver(new ClassPathEntityResolver());
Document document=builder.parse(stream);
// The root element of the document should be the "config" element,
// but the parser(Element) method checks this so a check is not
// needed here.
Element configElement = document.getDocumentElement();
return parse(configElement);
}
catch(Exception x) {
if(x instanceof java.io.IOException)
throw (java.io.IOException)x;
else {
IOException tmp=new IOException();
tmp.initCause(x);
throw tmp;
}
}
}
Example 7
| Source File: DOMUtils.java From lams with GNU General Public License v2.0 | 5 votes |
|
protected Object initialValue() {
try
{
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(false);
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newDocumentBuilder();
builder.setEntityResolver(new JBossEntityResolver());
return builder;
}
catch (ParserConfigurationException e)
{
throw PicketBoxMessages.MESSAGES.failedToCreateDocumentBuilder(e);
}
}
Example 8
| Source File: cfDOCUMENT.java From openbd-core with GNU General Public License v3.0 | 5 votes |
|
public Document getDocument( String _renderedBody ) throws cfmRunTimeException{
try{
DocumentBuilder builder;
InputSource is = new InputSource( new StringReader( _renderedBody ) );
Document doc;
DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
builderFactory.setValidating( false );
builder = builderFactory.newDocumentBuilder();
builder.setEntityResolver( new NoValidationResolver() );
doc = builder.parse( is );
return doc;
} catch (Exception e) {
throw newRunTimeException( "Failed to create valid xhtml document due to " + e.getClass().getName() + ": " + e.getMessage() );
}
}
Example 9
| Source File: InMemoryPersistenceManager.java From carbon-identity with Apache License 2.0 | 5 votes |
|
/**
* * This method provides a secured document builder which will secure XXE attacks.
*
* @return DocumentBuilder
* @throws ParserConfigurationException
*/
private DocumentBuilder getSecuredDocumentBuilder() throws ParserConfigurationException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
documentBuilderFactory.setFeature(EXTERNAL_GENERAL_ENTITIES_URI, false);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
documentBuilder.setEntityResolver(new CarbonEntityResolver());
return documentBuilder;
}
Example 10
| Source File: CatalogSupportBase.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public void testDOM(boolean setUseCatalog, boolean useCatalog, String catalog,
String xml, MyHandler handler, String expected) throws Exception {
DocumentBuilder docBuilder = getDomBuilder(setUseCatalog, useCatalog, catalog);
docBuilder.setEntityResolver(handler);
Document doc = docBuilder.parse(xml);
Node node = doc.getElementsByTagName(elementInSystem).item(0);
String result = node.getFirstChild().getTextContent();
Assert.assertEquals(result.trim(), expected);
}
Example 11
| Source File: PayaraDDProvider.java From netbeans with Apache License 2.0 | 5 votes |
|
public DDParse(InputSource is, String defaultPublicId) throws SAXException, IOException {
try {
SunDDErrorHandler errorHandler = new SunDDErrorHandler();
DocumentBuilderFactory parserFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder parser = parserFactory.newDocumentBuilder();
parser.setErrorHandler(errorHandler);
parser.setEntityResolver(SunDDResolver.getInstance());
Document d = parser.parse(is);
initialize(d, errorHandler.getError(), defaultPublicId);
} catch (NullPointerException | ParserConfigurationException ex) {
throw new SAXException(ex.getMessage());
}
}
Example 12
| Source File: HttpUnitUtils.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* creates a parser using JAXP API.
*/
public static DocumentBuilder newParser() throws SAXException {
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
builder.setEntityResolver( new HttpUnitUtils.ClasspathEntityResolver() );
return builder;
} catch (ParserConfigurationException ex) {
// redirect the new exception for code compatibility
throw new SAXException( ex );
}
}
Example 13
| Source File: XPathTest.java From rice with Educational Community License v2.0 | 5 votes |
|
protected Document getDocument(boolean namespaceAware, boolean validate) throws Exception {
// TODO: optimize this
final InputSource source = getTestXMLInputSource();
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(validate);
dbf.setNamespaceAware(namespaceAware);
dbf.setAttribute(JAXPConstants.JAXP_SCHEMA_LANGUAGE, JAXPConstants.W3C_XML_SCHEMA);
DocumentBuilder db = dbf.newDocumentBuilder();
LOG.info("Setting entityresolver");
db.setEntityResolver(Util.getNotificationEntityResolver(services.getNotificationContentTypeService()));
db.setErrorHandler(new SimpleErrorHandler(LOG));
return db.parse(source);
}
Example 14
| Source File: SignatureConfirmationTest.java From steady with Apache License 2.0 | 4 votes |
|
private void testSignatureConfirmationResponse(
List<WSHandlerResult> sigSaved,
List<WSHandlerResult> sigReceived
) throws Exception {
Document doc = readDocument("wsse-request-clean.xml");
WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
SoapMessage msg = new SoapMessage(new MessageImpl());
Exchange ex = new ExchangeImpl();
ex.setInMessage(msg);
SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
SOAPPart part = saajMsg.getSOAPPart();
part.setContent(new DOMSource(doc));
saajMsg.saveChanges();
msg.setContent(SOAPMessage.class, saajMsg);
msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
msg.put(WSHandlerConstants.RECV_RESULTS, sigReceived);
handler.handleMessage(msg);
doc = part;
assertValid("//wsse:Security", doc);
// assertValid("//wsse:Security/wsse11:SignatureConfirmation", doc);
byte[] docbytes = getMessageBytes(doc);
// System.out.println(new String(docbytes));
XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(false);
dbf.setIgnoringComments(false);
dbf.setIgnoringElementContentWhitespace(true);
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
db.setEntityResolver(new NullResolver());
doc = StaxUtils.read(db, reader, false);
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
SoapMessage inmsg = new SoapMessage(new MessageImpl());
ex.setInMessage(inmsg);
inmsg.setContent(SOAPMessage.class, saajMsg);
inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
inmsg.put(WSHandlerConstants.SEND_SIGV, sigSaved);
inHandler.handleMessage(inmsg);
}
Example 15
| Source File: WSS4JInOutTest.java From steady with Apache License 2.0 | 4 votes |
|
@Test
public void testCustomProcessor() throws Exception {
Document doc = readDocument("wsse-request-clean.xml");
WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
SoapMessage msg = new SoapMessage(new MessageImpl());
Exchange ex = new ExchangeImpl();
ex.setInMessage(msg);
SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
SOAPPart part = saajMsg.getSOAPPart();
part.setContent(new DOMSource(doc));
saajMsg.saveChanges();
msg.setContent(SOAPMessage.class, saajMsg);
msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
msg.put(WSHandlerConstants.USER, "myalias");
msg.put("password", "myAliasPassword");
handler.handleMessage(msg);
doc = part;
assertValid("//wsse:Security", doc);
assertValid("//wsse:Security/ds:Signature", doc);
byte[] docbytes = getMessageBytes(doc);
XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(false);
dbf.setIgnoringComments(false);
dbf.setIgnoringElementContentWhitespace(true);
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
db.setEntityResolver(new NullResolver());
doc = StaxUtils.read(db, reader, false);
final Map<String, Object> properties = new HashMap<String, Object>();
properties.put(
WSS4JInInterceptor.PROCESSOR_MAP,
createCustomProcessorMap()
);
WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties);
SoapMessage inmsg = new SoapMessage(new MessageImpl());
ex.setInMessage(inmsg);
inmsg.setContent(SOAPMessage.class, saajMsg);
inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.NO_SECURITY);
inHandler.handleMessage(inmsg);
WSSecurityEngineResult result =
(WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
assertNull(result);
}
Example 16
| Source File: WSS4JInOutTest.java From steady with Apache License 2.0 | 4 votes |
|
@Test
public void testCustomProcessor() throws Exception {
Document doc = readDocument("wsse-request-clean.xml");
WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
SoapMessage msg = new SoapMessage(new MessageImpl());
Exchange ex = new ExchangeImpl();
ex.setInMessage(msg);
SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
SOAPPart part = saajMsg.getSOAPPart();
part.setContent(new DOMSource(doc));
saajMsg.saveChanges();
msg.setContent(SOAPMessage.class, saajMsg);
msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
msg.put(WSHandlerConstants.USER, "myalias");
msg.put("password", "myAliasPassword");
handler.handleMessage(msg);
doc = part;
assertValid("//wsse:Security", doc);
assertValid("//wsse:Security/ds:Signature", doc);
byte[] docbytes = getMessageBytes(doc);
XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(false);
dbf.setIgnoringComments(false);
dbf.setIgnoringElementContentWhitespace(true);
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
db.setEntityResolver(new NullResolver());
doc = StaxUtils.read(db, reader, false);
final Map<String, Object> properties = new HashMap<String, Object>();
properties.put(
WSS4JInInterceptor.PROCESSOR_MAP,
createCustomProcessorMap()
);
WSS4JInInterceptor inHandler = new WSS4JInInterceptor(properties);
SoapMessage inmsg = new SoapMessage(new MessageImpl());
ex.setInMessage(inmsg);
inmsg.setContent(SOAPMessage.class, saajMsg);
inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.NO_SECURITY);
inHandler.handleMessage(inmsg);
WSSecurityEngineResult result =
(WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
assertNull(result);
}
Example 17
| Source File: TldProxyLibraryDescriptor.java From netbeans with Apache License 2.0 | 4 votes |
|
protected LibraryDescriptor parseTLD(InputStream content) throws ParserConfigurationException, SAXException, IOException {
final Map<String, Tag> tags = new HashMap<>();
DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
InputSource is = new InputSource(content); //the ecoding should be autodetected
docBuilder.setEntityResolver(UserCatalog.getDefault().getEntityResolver()); //we count on TaglibCatalog from web.core module
Document doc = docBuilder.parse(is);
// //usually the default taglib prefix
// Node tagLib = FaceletsLibraryDescriptor.getNodeByName(doc, "taglib"); //NOI18N
// String prefix = getTextContent(tagLib, "short-name"); //NOI18N
// String uri = getTextContent(tagLib, "uri"); //NOI18N
// String displayName = getTextContent(tagLib, "display-name"); //NOI18N
//scan the <tag> nodes content - the tag descriptions
NodeList tagNodes = doc.getElementsByTagName("tag"); //NOI18N
if (tagNodes != null) {
for (int i = 0; i < tagNodes.getLength(); i++) {
Node tag = tagNodes.item(i);
String tagName = getTextContent(tag, "name"); //NOI18N
String tagDescription = getTextContent(tag, "description"); //NOI18N
Map<String, Attribute> attrs = new HashMap<>();
//find attributes
for (Node attrNode : FaceletsLibraryDescriptor.getNodesByName(tag, "attribute")) { //NOI18N
String aName = getTextContent(attrNode, "name"); //NOI18N
String aDescription = getTextContent(attrNode, "description"); //NOI18N
boolean aRequired = Boolean.parseBoolean(getTextContent(attrNode, "required")); //NOI18N
String aType = null;
String aMethodSignature = null;
//type
Node aDeferredValueNode = FaceletsLibraryDescriptor.getNodeByName(attrNode, "deferred-value"); //NOI18N
if(aDeferredValueNode != null) {
aType = FaceletsLibraryDescriptor.getTextContent(aDeferredValueNode, "type"); //NOI18N
}
//method signature
Node aDeferredMethodNode = FaceletsLibraryDescriptor.getNodeByName(attrNode, "deferred-method"); //NOI18N
if(aDeferredMethodNode != null) {
aType = FaceletsLibraryDescriptor.getTextContent(aDeferredMethodNode, "method-signature"); //NOI18N
}
attrs.put(aName, new Attribute.DefaultAttribute(aName, aDescription, aType, aRequired, aMethodSignature));
}
tags.put(tagName, new TagImpl(tagName, tagDescription, attrs));
}
}
return new LibraryDescriptor() {
@Override
public String getNamespace() {
return TldProxyLibraryDescriptor.this.getNamespace();
}
@Override
public String getPrefix() {
return TldProxyLibraryDescriptor.this.getPrefix();
}
@Override
public Map<String, Tag> getTags() {
return tags;
}
};
}
Example 18
| Source File: SignatureConfirmationTest.java From steady with Apache License 2.0 | 4 votes |
|
private void testSignatureConfirmationResponse(
List<WSHandlerResult> sigSaved,
List<WSHandlerResult> sigReceived
) throws Exception {
Document doc = readDocument("wsse-request-clean.xml");
WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
SoapMessage msg = new SoapMessage(new MessageImpl());
Exchange ex = new ExchangeImpl();
ex.setInMessage(msg);
SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
SOAPPart part = saajMsg.getSOAPPart();
part.setContent(new DOMSource(doc));
saajMsg.saveChanges();
msg.setContent(SOAPMessage.class, saajMsg);
msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
msg.put(WSHandlerConstants.RECV_RESULTS, sigReceived);
handler.handleMessage(msg);
doc = part;
assertValid("//wsse:Security", doc);
// assertValid("//wsse:Security/wsse11:SignatureConfirmation", doc);
byte[] docbytes = getMessageBytes(doc);
// System.out.println(new String(docbytes));
XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(false);
dbf.setIgnoringComments(false);
dbf.setIgnoringElementContentWhitespace(true);
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
db.setEntityResolver(new NullResolver());
doc = StaxUtils.read(db, reader, false);
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
SoapMessage inmsg = new SoapMessage(new MessageImpl());
ex.setInMessage(inmsg);
inmsg.setContent(SOAPMessage.class, saajMsg);
inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
inmsg.put(WSHandlerConstants.SEND_SIGV, sigSaved);
inHandler.handleMessage(inmsg);
}
Example 19
| Source File: SignatureConfirmationTest.java From steady with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSignatureConfirmationRequest() throws Exception {
Document doc = readDocument("wsse-request-clean.xml");
WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
SoapMessage msg = new SoapMessage(new MessageImpl());
Exchange ex = new ExchangeImpl();
ex.setInMessage(msg);
SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
SOAPPart part = saajMsg.getSOAPPart();
part.setContent(new DOMSource(doc));
saajMsg.saveChanges();
msg.setContent(SOAPMessage.class, saajMsg);
msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
msg.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
msg.put(WSHandlerConstants.USER, "myalias");
msg.put("password", "myAliasPassword");
//
// This is necessary to convince the WSS4JOutInterceptor that we're
// functioning as a requestor
//
msg.put(org.apache.cxf.message.Message.REQUESTOR_ROLE, true);
handler.handleMessage(msg);
doc = part;
assertValid("//wsse:Security", doc);
assertValid("//wsse:Security/ds:Signature", doc);
byte[] docbytes = getMessageBytes(doc);
//
// Save the signature for future confirmation
//
List<WSHandlerResult> sigv = CastUtils.cast((List<?>)msg.get(WSHandlerConstants.SEND_SIGV));
assertNotNull(sigv);
assertTrue(sigv.size() != 0);
XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(false);
dbf.setIgnoringComments(false);
dbf.setIgnoringElementContentWhitespace(true);
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
db.setEntityResolver(new NullResolver());
doc = StaxUtils.read(db, reader, false);
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
SoapMessage inmsg = new SoapMessage(new MessageImpl());
ex.setInMessage(inmsg);
inmsg.setContent(SOAPMessage.class, saajMsg);
inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
inHandler.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
inHandler.handleMessage(inmsg);
//
// Check that the inbound signature result was saved
//
WSSecurityEngineResult result =
(WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
assertNotNull(result);
List<WSHandlerResult> sigReceived =
CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
assertNotNull(sigReceived);
assertTrue(sigReceived.size() != 0);
testSignatureConfirmationResponse(sigv, sigReceived);
}
Example 20
| Source File: WSS4JFaultCodeTest.java From steady with Apache License 2.0 | 4 votes |
|
/**
* Test that an action mismatch gets mapped to a proper fault code
*/
@Test
public void testActionMismatch() throws Exception {
Document doc = readDocument("wsse-request-clean.xml");
WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
SoapMessage msg = new SoapMessage(new MessageImpl());
Exchange ex = new ExchangeImpl();
ex.setInMessage(msg);
SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
SOAPPart part = saajMsg.getSOAPPart();
part.setContent(new DOMSource(doc));
saajMsg.saveChanges();
msg.setContent(SOAPMessage.class, saajMsg);
msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
handler.handleMessage(msg);
doc = part;
assertValid("//wsse:Security", doc);
byte[] docbytes = getMessageBytes(doc);
XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(false);
dbf.setIgnoringComments(false);
dbf.setIgnoringElementContentWhitespace(true);
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
db.setEntityResolver(new NullResolver());
doc = StaxUtils.read(db, reader, false);
WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
SoapMessage inmsg = new SoapMessage(new MessageImpl());
ex.setInMessage(inmsg);
inmsg.setContent(SOAPMessage.class, saajMsg);
inHandler.setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.USERNAME_TOKEN);
inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, TestPwdCallback.class.getName());
try {
inHandler.handleMessage(inmsg);
fail("Expected failure on an action mismatch");
} catch (SoapFault fault) {
assertTrue(fault.getReason().startsWith(
"An error was discovered processing the <wsse:Security> header"));
QName faultCode = new QName(WSConstants.WSSE_NS, "InvalidSecurity");
assertTrue(fault.getFaultCode().equals(faultCode));
}
}
