/*
* JBoss, Home of Professional Open Source.
* Copyright 2012, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.as.test.integration.ws.authentication;
import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;
import javax.xml.ws.WebServiceException;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.as.arquillian.api.ServerSetup;
import org.jboss.as.test.integration.ejb.security.EjbSecurityDomainSetup;
import org.jboss.as.test.integration.security.common.Utils;
import org.jboss.security.Base64Encoder;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.runner.RunWith;
import org.junit.Assert;
import org.junit.Test;
/**
* Tests for secured access to WSDL for EJB endpoint
*
* @author Rostislav Svoboda
*/
@ServerSetup({EjbSecurityDomainSetup.class})
@RunWith(Arquillian.class)
@RunAsClient
public class EJBEndpointSecuredWSDLAccessTestCase {
@ArquillianResource
URL baseUrl;
@Deployment(testable = false)
public static Archive<?> deployment() {
JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "jaxws-authentication-ejb3-for-wsdl.jar")
.addAsResource(EJBEndpointSecuredWSDLAccessTestCase.class.getPackage(), "users.properties", "users.properties")
.addAsResource(EJBEndpointSecuredWSDLAccessTestCase.class.getPackage(), "roles.properties", "roles.properties")
.addClasses(EJBEndpointIface.class, EJBEndpointSecuredWSDLAccess.class);
return jar;
}
@Test
public void createService() throws Exception {
QName serviceName = new QName("http://jbossws.org/authenticationForWSDL", "EJB3ServiceForWSDL");
URL wsdlURL = new URL(baseUrl, "/jaxws-authentication-ejb3-for-wsdl/EJB3ServiceForWSDL?wsdl");
try {
Service service = Service.create(wsdlURL, serviceName);
EJBEndpointIface proxy = service.getPort(EJBEndpointIface.class);
Assert.fail("Proxy shouldn't be created because WSDL access should be secured");
} catch (WebServiceException e) {
// failure is expected
}
}
@Test
public void accessWSDLWithValidUsernameAndPassord() throws Exception {
URL wsdlURL = new URL(baseUrl, "/jaxws-authentication-ejb3-for-wsdl/EJB3ServiceForWSDL?wsdl");
String encoding = Base64Encoder.encode("user1:password1");
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet(wsdlURL.toString());
httpget.setHeader("Authorization", "Basic " + encoding);
HttpResponse response = httpclient.execute(httpget);
String text = Utils.getContent(response);
Assert.assertTrue("Response doesn't contain wsdl file", text.contains("wsdl:binding"));
}
@Test
public void accessWSDLWithValidUsernameAndPassordButInvalidRole() throws Exception {
URL wsdlURL = new URL(baseUrl, "/jaxws-authentication-ejb3-for-wsdl/EJB3ServiceForWSDL?wsdl");
String encoding = Base64Encoder.encode("user2:password2");
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet(wsdlURL.toString());
httpget.setHeader("Authorization", "Basic " + encoding);
HttpResponse response = httpclient.execute(httpget);
Assert.assertEquals(403, response.getStatusLine().getStatusCode());
Utils.getContent(response);
//Assert.assertTrue("Response doesn't contain access denied message", text.contains("Access to the requested resource has been denied"));
}
@Test
public void accessWSDLWithInvalidUsernameAndPassord() throws Exception {
URL wsdlURL = new URL(baseUrl, "/jaxws-authentication-ejb3-for-wsdl/EJB3ServiceForWSDL?wsdl");
String encoding = Base64Encoder.encode("user1:password-XZY");
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet(wsdlURL.toString());
httpget.setHeader("Authorization", "Basic " + encoding);
HttpResponse response = httpclient.execute(httpget);
Assert.assertEquals(401, response.getStatusLine().getStatusCode());
Utils.getContent(response);
//Assert.assertTrue("Response doesn't contain expected message.", text.contains("This request requires HTTP authentication"));
}
@Test
public void accessWSDLWithoutUsernameAndPassord() throws Exception {
URL wsdlURL = new URL(baseUrl, "/jaxws-authentication-ejb3-for-wsdl/EJB3ServiceForWSDL?wsdl");
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet(wsdlURL.toString());
HttpResponse response = httpclient.execute(httpget);
Assert.assertEquals(401, response.getStatusLine().getStatusCode());
Utils.getContent(response);
//Assert.assertTrue("Response doesn't contain expected message.", text.contains("This request requires HTTP authentication"));
}
}