Example 91 with Message

use of org.apache.cxf.message.Message in project ddf by codice.

the class PepInterceptorActionsTest method testMessageWithNoAction.

@Test(expected = AccessDeniedException.class)
public void testMessageWithNoAction() throws SecurityServiceException {
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithoutAction = mock(Message.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithoutAction.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
    // This should throw an exception.
    interceptor.handleMessage(messageWithoutAction);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Exchange(org.apache.cxf.message.Exchange) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) SecurityManager(ddf.security.service.SecurityManager) Message(org.apache.cxf.message.Message) CollectionPermission(ddf.security.permission.CollectionPermission) Subject(ddf.security.Subject) Test(org.junit.Test)

Example 92 with Message

use of org.apache.cxf.message.Message in project ddf by codice.

the class PepInterceptorActionsTest method testMessageWithDefaultUrlAction.

@Test
public void testMessageWithDefaultUrlAction() throws SecurityServiceException {
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithAction = mock(Message.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    QName op = new QName("http://catalog/query/", "Search", "ns1");
    QName port = new QName("http://catalog/query/", "QueryPort", "ns1");
    when(messageWithAction.get(MessageContext.WSDL_OPERATION)).thenReturn(op);
    when(messageWithAction.get(MessageContext.WSDL_PORT)).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithAction.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    doAnswer(new Answer<Boolean>() {

        @Override
        public Boolean answer(InvocationOnMock invocation) throws Throwable {
            CollectionPermission perm = (CollectionPermission) invocation.getArguments()[0];
            assertEquals("http://catalog/query/QueryPort/SearchRequest", perm.getAction());
            return true;
        }
    }).when(mockSubject).isPermitted(isA(CollectionPermission.class));
    // This should work.
    interceptor.handleMessage(messageWithAction);
}
Also used : BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) SecurityManager(ddf.security.service.SecurityManager) Message(org.apache.cxf.message.Message) QName(javax.xml.namespace.QName) Subject(ddf.security.Subject) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Exchange(org.apache.cxf.message.Exchange) InvocationOnMock(org.mockito.invocation.InvocationOnMock) CollectionPermission(ddf.security.permission.CollectionPermission) Test(org.junit.Test)

Example 93 with Message

use of org.apache.cxf.message.Message in project ddf by codice.

the class PepInterceptorInvalidSubjectTest method testMessageInvalidSecurityAssertionToken.

// CHECKSTYLE.ON: VisibilityModifier
@Test
public void testMessageInvalidSecurityAssertionToken() throws SecurityServiceException {
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> mockSecurityAssertion));
    interceptor.setSecurityLogger(mock(SecurityLogger.class));
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithInvalidSecurityAssertion = mock(Message.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    QName op = new QName("urn:catalog:query", "search", "ns1");
    QName port = new QName("urn:catalog:query", "query-port", "ns1");
    when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
    when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithInvalidSecurityAssertion.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
    expectedExForInvalidSubject.expect(AccessDeniedException.class);
    expectedExForInvalidSubject.expectMessage("Unauthorized");
    // This should throw
    interceptor.handleMessage(messageWithInvalidSecurityAssertion);
}
Also used : SecurityAssertion(ddf.security.assertion.SecurityAssertion) SecurityLogger(ddf.security.audit.SecurityLogger) Assert.assertNotNull(org.junit.Assert.assertNotNull) CollectionPermission(ddf.security.permission.CollectionPermission) Message(org.apache.cxf.message.Message) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) Subject(ddf.security.Subject) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException) Mockito.spy(org.mockito.Mockito.spy) Exchange(org.apache.cxf.message.Exchange) SecurityServiceException(ddf.security.service.SecurityServiceException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SoapOperationInfo(org.apache.cxf.binding.soap.model.SoapOperationInfo) Rule(org.junit.Rule) QName(javax.xml.namespace.QName) SecurityManager(ddf.security.service.SecurityManager) ExpectedException(org.junit.rules.ExpectedException) ArgumentMatchers.isA(org.mockito.ArgumentMatchers.isA) Mockito.mock(org.mockito.Mockito.mock)

Example 94 with Message

use of org.apache.cxf.message.Message in project ddf by codice.

the class PepInterceptorNullAssertionTokenTest method testMessageNullSecurityAssertionToken.

@Test
public void testMessageNullSecurityAssertionToken() {
    Message messageWithNullSecurityAssertion = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    assertNotNull(mockSecurityAssertion);
    PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> mockSecurityAssertion));
    interceptor.setSecurityLogger(mock(SecurityLogger.class));
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getToken()).thenReturn(null);
    expectedExForNullMessage.expect(AccessDeniedException.class);
    expectedExForNullMessage.expectMessage("Unauthorized");
    interceptor.handleMessage(messageWithNullSecurityAssertion);
}
Also used : SecurityAssertion(ddf.security.assertion.SecurityAssertion) Rule(org.junit.Rule) SecurityLogger(ddf.security.audit.SecurityLogger) Assert.assertNotNull(org.junit.Assert.assertNotNull) Message(org.apache.cxf.message.Message) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException) Mockito.spy(org.mockito.Mockito.spy) ExpectedException(org.junit.rules.ExpectedException) Mockito.mock(org.mockito.Mockito.mock)

Example 95 with Message

use of org.apache.cxf.message.Message in project ddf by codice.

the class PaosInInterceptorTest method handleMessagePaosResponseBasicGood.

@Test
public void handleMessagePaosResponseBasicGood() throws IOException {
    Message message = new MessageImpl();
    message.setContent(InputStream.class, PaosInInterceptorTest.class.getClassLoader().getResource("ecprequest.xml").openStream());
    final String testHeaderKey = "X-Test-Header";
    final String correctHeaderToBeForwarded = "correct header that needs to be forwarded";
    final String listOfIntsHeaderKey = "X-Test-IntList-Header";
    final List<Object> listOfIntsHeader = ImmutableList.of(1, 2, 3);
    message.put(Message.CONTENT_TYPE, "application/vnd.paos+xml");
    HashMap<String, List<String>> messageHeaders = new HashMap<>();
    messageHeaders.put(testHeaderKey, ImmutableList.of("original, incorrect header value"));
    message.put(Message.PROTOCOL_HEADERS, messageHeaders);
    Message outMessage = new MessageImpl();
    HashMap<String, List> protocolHeaders = new HashMap<>();
    outMessage.put(Message.PROTOCOL_HEADERS, protocolHeaders);
    outMessage.put(Message.HTTP_REQUEST_METHOD, "GET");
    protocolHeaders.put("Authorization", Collections.singletonList("BASIC dGVzdDp0ZXN0"));
    ExchangeImpl exchange = new ExchangeImpl();
    exchange.setOutMessage(outMessage);
    message.setExchange(exchange);
    PaosInInterceptor paosInInterceptor = new PaosInInterceptor(Phase.RECEIVE, new SamlSecurity()) {

        HttpResponseWrapper getHttpResponse(String responseConsumerURL, String soapResponse, Message message) throws IOException {
            HttpResponseWrapper httpResponseWrapper = new HttpResponseWrapper();
            if (responseConsumerURL.equals("https://sp.example.org/PAOSConsumer")) {
                httpResponseWrapper.statusCode = 200;
                httpResponseWrapper.content = new ByteArrayInputStream("actual content".getBytes());
                httpResponseWrapper.headers = ImmutableMap.of(testHeaderKey, (Object) ImmutableList.of(correctHeaderToBeForwarded), listOfIntsHeaderKey, listOfIntsHeader).entrySet();
            } else if (responseConsumerURL.equals("https://idp.example.org/saml2/sso")) {
                httpResponseWrapper.statusCode = 200;
                httpResponseWrapper.content = PaosInInterceptorTest.class.getClassLoader().getResource("idpresponse.xml").openStream();
            }
            return httpResponseWrapper;
        }
    };
    paosInInterceptor.handleMessage(message);
    assertThat(IOUtils.toString(message.getContent(InputStream.class)), is("actual content"));
    Map<String, List<String>> headers = (Map) message.get(Message.PROTOCOL_HEADERS);
    assertThat(headers.get(testHeaderKey), hasItem(correctHeaderToBeForwarded));
    assertThat(headers.get(listOfIntsHeaderKey), hasItems("1", "2", "3"));
}
Also used : Message(org.apache.cxf.message.Message) HashMap(java.util.HashMap) ByteArrayInputStream(java.io.ByteArrayInputStream) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) SamlSecurity(org.codice.ddf.security.jaxrs.impl.SamlSecurity) MessageImpl(org.apache.cxf.message.MessageImpl) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) ExchangeImpl(org.apache.cxf.message.ExchangeImpl) Test(org.junit.Test)
