Example 1 with RPCGreeter
use of org.apache.hello_world_soap_action.RPCGreeter in project cxf by apache.
the class SoapActionTest method testRPCLitSoapActionSpoofing.
@Test
public void testRPCLitSoapActionSpoofing() throws Exception {
JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean();
pf.setServiceClass(RPCGreeter.class);
pf.setAddress(add15);
pf.setBus(bus);
RPCGreeter greeter = (RPCGreeter) pf.create();
assertEquals("sayHi", greeter.sayHi("test"));
assertEquals("sayHi2", greeter.sayHi2("test"));
// Now test spoofing attack
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2");
try {
greeter.sayHi("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test the other operation
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_1");
try {
greeter.sayHi2("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test a SOAP Action that does not exist in the binding
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_UNKNOWN");
try {
greeter.sayHi("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
}
Also used :
JaxWsProxyFactoryBean(org.apache.cxf.jaxws.JaxWsProxyFactoryBean)
RPCGreeter(org.apache.hello_world_soap_action.RPCGreeter)
Test(org.junit.Test)
Aggregations
JaxWsProxyFactoryBean (org.apache.cxf.jaxws.JaxWsProxyFactoryBean)1
RPCGreeter (org.apache.hello_world_soap_action.RPCGreeter)1
Test (org.junit.Test)1
