
Example 1 with BogusApplicationContext

Use of org.springframework.jacksontest.BogusApplicationContext in project eap-additional-testsuite by jboss-set.

Class JaxbProviderDeserializationSecurityCheckTestCase, method testApplicationContext.

@EATDPM(config = "standalone.xml", features = { "org.wildfly:wildfly-feature-pack-new#jaxrs:subsystem=jaxrs" }, minVersions = { "13.0.0" }, maxVersions = { "null" }, isClassAnnotation = "false", excludeDependencies = { "javax.ws.rs.GET;" })
// @EATDPM(config="standalone.xml", features={"org.wildfly:wildfly-feature-pack-new#subsystem.jaxrs:subsystem=jaxrs"}, minVersions={"13.0.0"}, maxVersions={"null"}, isClassAnnotation="false", excludeDependencies={"javax.ws.rs.GET;"})
@Test
public void testApplicationContext() throws Exception {
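    // Fetch the JSON body returned by the test endpoint.
    String result = performCall("rest/jaxb/appcontext");
    try {
        // Jackson is expected to refuse to deserialize this type.
        BogusApplicationContext jaxbModel = new ObjectMapper().configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false).readValue(result, BogusApplicationContext.class);
        // Reaching this line means the type was deserialized, so the test fails.
        Assert.fail("Should prevent json deserialization because of security reasons.");
    } catch (JsonMappingException e) {
        // The rejection must be the "Illegal type" error, not an unrelated mapping failure.
        Assert.assertTrue("Should prevent json deserialization because of security reasons.", e.getMessage().contains("Illegal type"));
    }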
}
Also used: JsonMappingException (com.fasterxml.jackson.databind.JsonMappingException), BogusApplicationContext (org.springframework.jacksontest.BogusApplicationContext), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), EATDPM (org.jboss.eap.additional.testsuite.annotations.EATDPM), ATTest (org.jboss.eap.additional.testsuite.annotations.ATTest), Test (org.junit.Test)

Example 2 with BogusApplicationContext

Use of org.springframework.jacksontest.BogusApplicationContext in project eap-additional-testsuite by jboss-set.

Class JaxbProviderDeserializationSecurityCheck2TestCase, method testApplicationContext.

@EATDPM(config = "standalone.xml", features = { "org.wildfly:wildfly-feature-pack-new#jaxrs:subsystem=jaxrs" }, minVersions = { "13.0.0" }, maxVersions = { "null" }, isClassAnnotation = "false", excludeDependencies = { "javax.ws.rs.GET;" })
// @EATDPM(config="standalone.xml", features={"org.wildfly:wildfly-feature-pack-new#subsystem.jaxrs:subsystem=jaxrs"}, minVersions={"13.0.0"}, maxVersions={"null"}, isClassAnnotation="false", excludeDependencies={"javax.ws.rs.GET;"})
@Test
public void testApplicationContext() throws Exception {
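    // Fetch the JSON body returned by the test endpoint.
    String result = performCall("rest/jaxb/appcontext");
    try {
        // Jackson is expected to refuse to deserialize this type.
        BogusApplicationContext jaxbModel = new ObjectMapper().configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false).readValue(result, BogusApplicationContext.class);
        // Reaching this line means the type was deserialized, so the test fails.
        Assert.fail("Should prevent json deserialization because of security reasons.");
    } catch (JsonMappingException e) {
        // The rejection must be the "Illegal type" error, not an unrelated mapping failure.
        Assert.assertTrue("Should prevent json deserialization because of security reasons.", e.getMessage().contains("Illegal type"));
    }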
}
Also used: JsonMappingException (com.fasterxml.jackson.databind.JsonMappingException), BogusApplicationContext (org.springframework.jacksontest.BogusApplicationContext), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), EATDPM (org.jboss.eap.additional.testsuite.annotations.EATDPM), Test (org.junit.Test)

Aggregations

JsonMappingException (com.fasterxml.jackson.databind.JsonMappingException): 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 2
EATDPM (org.jboss.eap.additional.testsuite.annotations.EATDPM): 2
Test (org.junit.Test): 2
BogusApplicationContext (org.springframework.jacksontest.BogusApplicationContext): 2
ATTest (org.jboss.eap.additional.testsuite.annotations.ATTest): 1