Author: mageshbk(a)jboss.com
Date: 2009-01-05 07:39:16 -0500 (Mon, 05 Jan 2009)
New Revision: 8960
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java
Modified:
stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml
Log:
[JBWS-2437] WSDL access url with resource suffix allows any arbitrary xml file to be
viewed - Added testcase
Modified: stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml 2009-01-05
12:37:16 UTC (rev 8959)
+++
stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml 2009-01-05
12:39:16 UTC (rev 8960)
@@ -413,7 +413,15 @@
<include name="jboss-web.xml"/>
</webinf>
</war>
-
+
+ <!-- jaxws-jbws2437 -->
+ <jar destfile="${tests.output.dir}/test-libs/jaxws-jbws2437.jar">
+ <fileset dir="${tests.output.dir}/test-classes">
+ <include name="org/jboss/test/ws/jaxws/jbws2437/*.class"/>
+ <exclude
name="org/jboss/test/ws/jaxws/jbws2437/*TestCase.class"/>
+ </fileset>
+ </jar>
+
<!-- jaxws-webserviceref -->
<war warfile="${tests.output.dir}/test-libs/jaxws-webserviceref.war"
webxml="${tests.output.dir}/test-resources/jaxws/webserviceref/WEB-INF/web.xml">
<classes dir="${tests.output.dir}/test-classes">
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java 2009-01-05
12:39:16 UTC (rev 8960)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws2437;
+
+import javax.jws.WebService;
+
+@WebService(name = "Hello", serviceName = "HelloService",
targetNamespace = "http://org.jboss.ws/jaxws/jbws2437")
+public interface Hello
+{
+
+ public String echo(String in0);
+}
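Review bot: `serviceName = "HelloService"` on the `Hello` interface is a member JSR-181 does not allow on endpoint interfaces; it belongs only on the implementation class, where `HelloJavaBean` already declares it. `HelloJavaBean` does not set `endpointInterface`, so this annotation is probably ignored at deployment, but a stricter stack could reject it. Reducing it to `@WebService(name = "Hello", targetNamespace = "http://org.jboss.ws/jaxws/jbws2437")` keeps the fixture valid either way.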
Property changes on:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java 2009-01-05
12:39:16 UTC (rev 8960)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws2437;
+
+import javax.ejb.Stateless;
+import javax.jws.WebMethod;
+import javax.jws.WebParam;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+
+import org.jboss.logging.Logger;
+import org.jboss.wsf.spi.annotation.WebContext;
+
+@Stateless
+@WebService(name = "Hello", serviceName = "HelloService",
targetNamespace = "http://org.jboss.ws/jaxws/jbws2437")
+@SOAPBinding(style = SOAPBinding.Style.RPC)
+@WebContext(contextRoot="jaxws-jbws2437", urlPattern="/*")
+public class HelloJavaBean implements Hello
+{
+ private Logger log = Logger.getLogger(HelloJavaBean.class);
+
+ @WebMethod
+ public String echo(@WebParam(name = "user") String in0)
+ {
+ log.info(in0);
+ return in0;
+ }
+}
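Review bot: `log.info(in0)` in `echo` writes the caller-supplied string to the server log unmodified, and the endpoint is deployed at `urlPattern="/*"` with no security annotation visible in this file. For a fixture whose only job is to make a WSDL available, the log call adds nothing to the test, and it lets request data (including embedded line breaks) shape log entries; dropping it, or using `log.debug(...)`, avoids that. The logger field would also be more conventional as `private static final Logger log = Logger.getLogger(HelloJavaBean.class);`. Separately, `@WebParam(name = "user")` on a parameter called `in0` in an echo operation looks like a leftover from another test.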
Property changes on:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java 2009-01-05
12:39:16 UTC (rev 8960)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws2437;
+
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+import junit.framework.Test;
+
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+
+
+/**
+ * Disallow access to directories other than "data/wsdl"
+ *
+ *
http://jira.jboss.org/jira/browse/JBWS-2437
+ *
+ * @author mageshbk(a)jboss.com
+ * @since 04-Jan-2009
+ */
+public class JBWS2437TestCase extends JBossWSTest
+{
+ public final String WSDL_LOCATION = "http://" + getServerHost() +
":8080/jaxws-jbws2437?wsdl";
+ public final String WSDL_RESOURCE = "&resource=../../ejb-deployer.xml";
+
+ public static Test suite() throws Exception
+ {
+ return new JBossWSTestSetup(JBWS2437TestCase.class,
"jaxws-jbws2437.jar");
+ }
+
+ public void testWSDLAccess() throws Exception
+ {
+ HttpURLConnection connection = (HttpURLConnection)new
URL(WSDL_LOCATION).openConnection();
+ InputStream in = connection.getInputStream();
+ int fileSize = in.available();
+ in.close();
+ assertTrue("WSDL cannot be accessed", fileSize > 0);
+ }
+
+ public void testOtherFileAccess() throws Exception
+ {
+ HttpURLConnection connection = (HttpURLConnection)new URL(WSDL_LOCATION +
WSDL_RESOURCE).openConnection();
+ InputStream in = connection.getInputStream();
+ int fileSize = in.available();
+ in.close();
+ assertTrue("Unrestricted access to xml files found", fileSize == 0);
+ }
+}
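Review bot: `in.available()` in both test methods is not the size of the response: it reports only the bytes that can be read without blocking, and may be 0 before the body has arrived. In `testOtherFileAccess` this means `fileSize == 0` can hold even when the server does return the requested file, so the regression test can pass against an unfixed server; in `testWSDLAccess` the same call can fail spuriously. The test also assumes the server answers the rejected request with an empty successful response; if the fix answers with an error status instead, `getInputStream()` would throw and the test would error rather than pass (inferred, since the server-side change is not part of this commit). Checking the status code first and reading the body to end of stream, with the stream closed in a `finally`, makes the assertion mean what its message says; `testWSDLAccess` should count bytes the same way and assert the total is greater than zero.

```java
   public void testOtherFileAccess() throws Exception
   {
      HttpURLConnection connection = (HttpURLConnection)new URL(WSDL_LOCATION + WSDL_RESOURCE).openConnection();
      try
      {
         // A non-200 status is treated as the server refusing the resource.
         if (connection.getResponseCode() == HttpURLConnection.HTTP_OK)
         {
            InputStream in = connection.getInputStream();
            try
            {
               // Count every byte of the body; available() only reports what is buffered so far.
               int total = 0;
               byte[] buffer = new byte[4096];
               for (int n = in.read(buffer); n != -1; n = in.read(buffer))
               {
                  total += n;
               }
               assertEquals("Unrestricted access to xml files found", 0, total);
            }
            finally
            {
               in.close();
            }
         }
      }
      finally
      {
         connection.disconnect();
      }
   }
```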
Property changes on:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF