Example 1 with WrappedGreeter
use of org.apache.hello_world_soap_action.WrappedGreeter in project cxf by apache.
the class SoapActionTest method testWrappedSoap12ActionSpoofing.
@Test
public void testWrappedSoap12ActionSpoofing() throws Exception {
JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean();
pf.setServiceClass(WrappedGreeter.class);
pf.setAddress(add14);
SoapBindingConfiguration config = new SoapBindingConfiguration();
config.setVersion(Soap12.getInstance());
pf.setBindingConfig(config);
pf.setBus(bus);
WrappedGreeter greeter = (WrappedGreeter) pf.create();
assertEquals("sayHi", greeter.sayHiRequestWrapped("test"));
assertEquals("sayHi2", greeter.sayHiRequest2Wrapped("test"));
// Now test spoofing attack
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2");
try {
greeter.sayHiRequestWrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test the other operation
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_1");
try {
greeter.sayHiRequest2Wrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test a SOAP Action that does not exist in the binding
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_UNKNOWN");
try {
greeter.sayHiRequestWrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
}
Also used :
SoapBindingConfiguration(org.apache.cxf.binding.soap.SoapBindingConfiguration)
JaxWsProxyFactoryBean(org.apache.cxf.jaxws.JaxWsProxyFactoryBean)
WrappedGreeter(org.apache.hello_world_soap_action.WrappedGreeter)
Test(org.junit.Test)
Example 2 with WrappedGreeter
use of org.apache.hello_world_soap_action.WrappedGreeter in project cxf by apache.
the class SoapActionTest method testRPCEncodedSoapActionSpoofing.
@Test
public void testRPCEncodedSoapActionSpoofing() throws Exception {
JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean();
pf.setServiceClass(WrappedGreeter.class);
pf.setAddress(add16);
pf.setBus(bus);
WrappedGreeter greeter = (WrappedGreeter) pf.create();
assertEquals("sayHi", greeter.sayHiRequestWrapped("test"));
assertEquals("sayHi2", greeter.sayHiRequest2Wrapped("test"));
// Now test spoofing attack
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2");
try {
greeter.sayHiRequestWrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test the other operation
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_1");
try {
greeter.sayHiRequest2Wrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test a SOAP Action that does not exist in the binding
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_UNKNOWN");
try {
greeter.sayHiRequestWrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
}
Also used :
JaxWsProxyFactoryBean(org.apache.cxf.jaxws.JaxWsProxyFactoryBean)
WrappedGreeter(org.apache.hello_world_soap_action.WrappedGreeter)
Test(org.junit.Test)
Example 3 with WrappedGreeter
use of org.apache.hello_world_soap_action.WrappedGreeter in project cxf by apache.
the class SoapActionTest method testWrappedSoapActionSpoofing.
@Test
public void testWrappedSoapActionSpoofing() throws Exception {
JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean();
pf.setServiceClass(WrappedGreeter.class);
pf.setAddress(add13);
pf.setBus(bus);
WrappedGreeter greeter = (WrappedGreeter) pf.create();
assertEquals("sayHi", greeter.sayHiRequestWrapped("test"));
assertEquals("sayHi2", greeter.sayHiRequest2Wrapped("test"));
// Now test spoofing attack
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2");
try {
greeter.sayHiRequestWrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test the other operation
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_1");
try {
greeter.sayHiRequest2Wrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test a SOAP Action that does not exist in the binding
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_UNKNOWN");
try {
greeter.sayHiRequestWrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
}
Also used :
JaxWsProxyFactoryBean(org.apache.cxf.jaxws.JaxWsProxyFactoryBean)
WrappedGreeter(org.apache.hello_world_soap_action.WrappedGreeter)
Test(org.junit.Test)
Example 4 with WrappedGreeter
use of org.apache.hello_world_soap_action.WrappedGreeter in project cxf by apache.
the class SoapActionTest method testWrappedEncodedSoapActionSpoofing.
@Test
public void testWrappedEncodedSoapActionSpoofing() throws Exception {
JaxWsProxyFactoryBean pf = new JaxWsProxyFactoryBean();
pf.setServiceClass(WrappedGreeter.class);
pf.setAddress(add17);
pf.setBus(bus);
WrappedGreeter greeter = (WrappedGreeter) pf.create();
assertEquals("sayHi", greeter.sayHiRequestWrapped("test"));
assertEquals("sayHi2", greeter.sayHiRequest2Wrapped("test"));
// Now test spoofing attack
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_2");
try {
greeter.sayHiRequestWrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test the other operation
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_1");
try {
greeter.sayHiRequest2Wrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
// Test a SOAP Action that does not exist in the binding
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_USE_PROPERTY, "true");
((BindingProvider) greeter).getRequestContext().put(BindingProvider.SOAPACTION_URI_PROPERTY, "SAY_HI_UNKNOWN");
try {
greeter.sayHiRequestWrapped("test");
fail("Failure expected on spoofing attack");
} catch (Exception ex) {
// expected
}
}
Also used :
JaxWsProxyFactoryBean(org.apache.cxf.jaxws.JaxWsProxyFactoryBean)
WrappedGreeter(org.apache.hello_world_soap_action.WrappedGreeter)
Test(org.junit.Test)
Aggregations
JaxWsProxyFactoryBean (org.apache.cxf.jaxws.JaxWsProxyFactoryBean)4
WrappedGreeter (org.apache.hello_world_soap_action.WrappedGreeter)4
Test (org.junit.Test)4
SoapBindingConfiguration (org.apache.cxf.binding.soap.SoapBindingConfiguration)1
