Author: richard.opalka(a)jboss.com
Date: 2009-04-29 06:27:16 -0400 (Wed, 29 Apr 2009)
New Revision: 9919
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/Endpoint.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/JBWS1582TestCase.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/attack-web.xml
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/web.xml
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/attack-service.wsdl
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/service.wsdl
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/attack-message.xml
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/message.xml
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/ant-import-tests/build-jars-jaxws.xml
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/core/utils/DocumentBuilderFactoryImpl.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SubscriptionManager.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/tools/wsdl/JBossWSDLReaderImpl.java
Log:
[JBWS-1582][JBPAPP-1961] backport
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/ant-import-tests/build-jars-jaxws.xml
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/ant-import-tests/build-jars-jaxws.xml 2009-04-29
10:25:44 UTC (rev 9918)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/ant-import-tests/build-jars-jaxws.xml 2009-04-29
10:27:16 UTC (rev 9919)
@@ -310,6 +310,26 @@
</metainf>
</jar>
+ <!-- jaxws-jbws1582 -->
+ <war destfile="${tests.output.dir}/libs/jaxws-jbws1582.war"
webxml="${tests.output.dir}/resources/jaxws/jbws1582/WEB-INF/web.xml">
+ <classes dir="${tests.output.dir}/classes">
+ <include
name="org/jboss/test/ws/jaxws/jbws1582/Endpoint.class"/>
+ <include
name="org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.class"/>
+ </classes>
+ <webinf
dir="${tests.output.dir}/resources/jaxws/jbws1582/WEB-INF">
+ <include name="wsdl/service.wsdl"/>
+ </webinf>
+ </war>
+ <war destfile="${tests.output.dir}/libs/jaxws-jbws1582-attacked.war"
webxml="${tests.output.dir}/resources/jaxws/jbws1582/WEB-INF/attack-web.xml">
+ <classes dir="${tests.output.dir}/classes">
+ <include
name="org/jboss/test/ws/jaxws/jbws1582/Endpoint.class"/>
+ <include
name="org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.class"/>
+ </classes>
+ <webinf
dir="${tests.output.dir}/resources/jaxws/jbws1582/WEB-INF">
+ <include name="wsdl/attack-service.wsdl"/>
+ </webinf>
+ </war>
+
<!-- jaxws-jbws2116-->
<jar destfile="${tests.output.dir}/libs/jaxws-jbws2116.jar">
<fileset dir="${tests.output.dir}/classes">
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/core/utils/DocumentBuilderFactoryImpl.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/core/utils/DocumentBuilderFactoryImpl.java 2009-04-29
10:25:44 UTC (rev 9918)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/core/utils/DocumentBuilderFactoryImpl.java 2009-04-29
10:27:16 UTC (rev 9919)
@@ -23,6 +23,7 @@
// $Id$
+import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
@@ -53,6 +54,7 @@
// namespace aware by default
delegate.setNamespaceAware(true);
+ delegate.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
}
catch (Exception ex)
{
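Review bot: The new `setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` call sits inside the existing `try`, whose `catch (Exception ex)` body lies outside this hunk; if that handler only logs, a parser that rejects the feature leaves the factory usable but unprotected. That failure should be fatal, or at least logged at error level with the parser class name. A comment on the line would scope the fix, e.g. `// limits entity expansion; DOCTYPE and external entities are not disabled by this feature alone`. As far as I know that holds for DOM factories of this Xerces generation, so confirm it against the shipped parser. The same scope limit applies to the identical line added in SubscriptionManager and JBossWSDLReaderImpl.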
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SubscriptionManager.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SubscriptionManager.java 2009-04-29
10:25:44 UTC (rev 9918)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SubscriptionManager.java 2009-04-29
10:27:16 UTC (rev 9919)
@@ -45,6 +45,7 @@
import javax.management.MBeanServerFactory;
import javax.naming.InitialContext;
import javax.naming.NamingException;
+import javax.xml.XMLConstants;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
@@ -522,6 +523,7 @@
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
factory.setValidating(true);
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
factory.setAttribute("http://java.sun.com/xml/jaxp/properties/schema...;,
"http://www.w3.org/2001/XMLSchema");
String[] notificationSchemas = es.getNotificationSchema();
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/tools/wsdl/JBossWSDLReaderImpl.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/tools/wsdl/JBossWSDLReaderImpl.java 2009-04-29
10:25:44 UTC (rev 9918)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/main/java/org/jboss/ws/tools/wsdl/JBossWSDLReaderImpl.java 2009-04-29
10:27:16 UTC (rev 9919)
@@ -44,6 +44,7 @@
import javax.wsdl.factory.WSDLFactory;
import javax.wsdl.xml.WSDLLocator;
import javax.wsdl.xml.WSDLReader;
+import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -2124,6 +2125,7 @@
try
{
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder builder = factory.newDocumentBuilder();
builder.setEntityResolver( new JBossWSEntityResolver() );
Document doc = builder.parse(inputSource);
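Review bot: The feature is set at parse time, immediately before `newDocumentBuilder()`, while `factory` is created outside this hunk, so any other code path that builds a parser from the same factory may not be covered; the visible lines cannot confirm this either way. Setting it where the factory is created would keep the hardening with the rest of the factory configuration. External entities are still handed to `JBossWSEntityResolver`, whose handling of unknown system identifiers is not visible here. If that resolver falls back to fetching arbitrary URLs, WSDL parsing stays open to external-entity retrieval even with the expansion limit in place.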
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.java
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.java 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws1582;
+
+import javax.jws.WebService;
+
+@WebService
+(
+ portName = "EndpointPort",
+ serviceName = "EndpointService",
+ wsdlLocation = "WEB-INF/wsdl/attack-service.wsdl",
+ endpointInterface = "org.jboss.test.ws.jaxws.jbws1582.Endpoint"
+)
+public class AttackedEndpointImpl
+{
+ public String echo(String msg)
+ {
+ return msg;
+ }
+}
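Review bot: This class has no Javadoc and differs from EndpointImpl only in its `wsdlLocation`, so a reader cannot tell why two identical echo endpoints exist. A class comment would make the intent explicit, for example `/** Endpoint bound to attack-service.wsdl, whose DOCTYPE nests entities; JBWS1582TestCase expects its deployment to fail. */`. EndpointImpl, added in the same commit, would benefit from the matching one-line description of the benign case. Neither class declares `implements Endpoint` although both name it as `endpointInterface`, so the compiler does not check the `echo` signature against the interface.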
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/Endpoint.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/Endpoint.java
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/Endpoint.java 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,34 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws1582;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+
+@WebService (name="Endpoint")
+@SOAPBinding(style = SOAPBinding.Style.RPC)
+public interface Endpoint
+{
+ @WebMethod(operationName = "echoString", action =
"urn:EchoString")
+ String echo(String input);
+}
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.java
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.java 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws1582;
+
+import javax.jws.WebService;
+
+@WebService
+(
+ portName = "EndpointPort",
+ serviceName = "EndpointService",
+ wsdlLocation = "WEB-INF/wsdl/service.wsdl",
+ endpointInterface = "org.jboss.test.ws.jaxws.jbws1582.Endpoint"
+)
+public class EndpointImpl
+{
+ public String echo(String msg)
+ {
+ return msg;
+ }
+}
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/JBWS1582TestCase.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/JBWS1582TestCase.java
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/java/org/jboss/test/ws/jaxws/jbws1582/JBWS1582TestCase.java 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,137 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws1582;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import junit.framework.Test;
+
+import org.jboss.wsf.common.IOUtils;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+
+/**
+ * [JBWS-1582] Protect JBossWS Against XML Attacks
+ *
+ * @author <a href="mailto:richard.opalka@jboss.org">Richard
Opalka</a>
+ */
+public class JBWS1582TestCase extends JBossWSTest
+{
+ private String endpointURL = "http://" + getServerHost() +
":8080/jaxws-jbws1582/TestService";
+ private String targetNS = "http://jbws1582.jaxws.ws.test.jboss.org/";
+
+ public static Test suite()
+ {
+ return new JBossWSTestSetup(JBWS1582TestCase.class,
"jaxws-jbws1582.war");
+ }
+
+ public void testLegalAccess() throws Exception
+ {
+ URL wsdlURL = new URL(endpointURL + "?wsdl");
+ QName serviceName = new QName(targetNS, "EndpointService");
+
+ Service service = Service.create(wsdlURL, serviceName);
+ Endpoint port = (Endpoint)service.getPort(Endpoint.class);
+
+ Object retObj = port.echo("Hello");
+ assertEquals("Hello", retObj);
+ }
+
+ public void testSOAPMessage() throws Exception
+ {
+ String response = getResponse("jaxws/jbws1582/message.xml");
+ assertTrue(response.contains("HTTP/1.1 200 OK"));
+ assertTrue(response.contains("<return>Hello</return>"));
+ }
+
+ public void testSOAPMessageAttack() throws Exception
+ {
+ String response = getResponse("jaxws/jbws1582/attack-message.xml");
+ assertTrue(response.contains("HTTP/1.1 500"));
+ // There's a bug in xerces that is shipped with EAP 4.3.
+ // NPE thrown from xerces can be solved with xerces upgrade.
+ //assertTrue(response.contains("The parser has encountered more than"));
+ //assertTrue(response.contains("entity expansions in this document"));
+ }
+
+ private String getResponse(String requestFile) throws Exception
+ {
+ final String CRNL = "\r\n";
+ String content = getContent(new FileInputStream(new File("resources/" +
requestFile)));
+ Socket socket = new Socket();
+ socket.connect(new InetSocketAddress(this.getServerHost(), 8080));
+ OutputStream out = socket.getOutputStream();
+
+ // send an HTTP request to the endpoint
+ out.write(("POST /jaxws-jbws1582/TestService HTTP/1.0" +
CRNL).getBytes());
+ out.write(("Host: " + this.getServerHost() + ":8080" +
CRNL).getBytes());
+ out.write(("Content-Type: text/xml" + CRNL).getBytes());
+ out.write(("Content-Length: " + content.length() + CRNL).getBytes());
+ out.write((CRNL).getBytes());
+ out.write((content).getBytes());
+
+ // read the response
+ String response = getContent(socket.getInputStream());
+ socket.close();
+ System.out.println("---");
+ System.out.println(response);
+ System.out.println("---");
+ return response;
+ }
+
+ public void testAttackedArchiveDeployment() throws Exception
+ {
+ try
+ {
+ this.deploy("jaxws-jbws1582-attacked.war");
+ fail("deployment failure expected");
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ log.warn(e.getMessage(), e);
+ }
+ finally
+ {
+ this.undeploy("jaxws-jbws1582-attacked.war");
+ }
+ }
+
+ private static String getContent(InputStream is) throws IOException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ IOUtils.copyStream(baos, is);
+ return new String(baos.toByteArray());
+ }
+
+}
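Review bot: `testSOAPMessageAttack` asserts only `HTTP/1.1 500`, so it passes on any server error, including the Xerces NPE the comment mentions, and does not show that the entity-expansion limit was what stopped the request. The commented-out message assertions should be restored once the parser is upgraded. `getResponse` sets no connect or read timeout, so a regression that makes the server stall on the payload hangs the suite instead of failing it. It also derives `Content-Length` from `content.length()` while sending `content.getBytes()`, and it leaks the socket if a write throws. In `testAttackedArchiveDeployment`, `catch (Exception e)` accepts every failure, including a missing archive, as the expected rejection. The timeout values in the sketch below are illustrative.

```java
private String getResponse(String requestFile) throws Exception
{
   // … unchanged: CRNL, reading the request file into content …
   byte[] body = content.getBytes();
   Socket socket = new Socket();
   try
   {
      socket.connect(new InetSocketAddress(this.getServerHost(), 8080), 10000);
      socket.setSoTimeout(30000); // fail rather than hang if the server stalls on the payload
      OutputStream out = socket.getOutputStream();
      // … unchanged: request line, Host and Content-Type headers …
      out.write(("Content-Length: " + body.length + CRNL).getBytes());
      out.write((CRNL).getBytes());
      out.write(body);
      String response = getContent(socket.getInputStream());
      // … unchanged: printing the response …
      return response;
   }
   finally
   {
      socket.close();
   }
}
```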
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/attack-web.xml
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/attack-web.xml
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/attack-web.xml 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<web-app
xmlns="http://java.sun.com/xml/ns/j2ee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <servlet>
+ <servlet-name>TestService</servlet-name>
+
<servlet-class>org.jboss.test.ws.jaxws.jbws1582.AttackedEndpointImpl</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>TestService</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+</web-app>
+
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/web.xml
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/web.xml
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/web.xml 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<web-app
xmlns="http://java.sun.com/xml/ns/j2ee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <servlet>
+ <servlet-name>TestService</servlet-name>
+
<servlet-class>org.jboss.test.ws.jaxws.jbws1582.EndpointImpl</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>TestService</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+</web-app>
+
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/attack-service.wsdl
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/attack-service.wsdl
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/attack-service.wsdl 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,180 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE definitions [
+ <!ENTITY hello1 "Hello">
+ <!ENTITY hello2 "&hello1; &hello1;">
+ <!ENTITY hello3 "&hello2; &hello2;">
+ <!ENTITY hello4 "&hello3; &hello3;">
+ <!ENTITY hello5 "&hello4; &hello4;">
+ <!ENTITY hello6 "&hello5; &hello5;">
+ <!ENTITY hello7 "&hello6; &hello6;">
+ <!ENTITY hello8 "&hello7; &hello7;">
+ <!ENTITY hello9 "&hello8; &hello8;">
+ <!ENTITY hello10 "&hello9; &hello9;">
+
+ <!ENTITY hello11 "&hello10; &hello10;">
+ <!ENTITY hello12 "&hello11; &hello11;">
+ <!ENTITY hello13 "&hello12; &hello12;">
+ <!ENTITY hello14 "&hello13; &hello13;">
+ <!ENTITY hello15 "&hello14; &hello14;">
+ <!ENTITY hello16 "&hello15; &hello15;">
+ <!ENTITY hello17 "&hello16; &hello16;">
+ <!ENTITY hello18 "&hello17; &hello17;">
+ <!ENTITY hello19 "&hello18; &hello18;">
+ <!ENTITY hello20 "&hello19; &hello19;">
+
+ <!ENTITY hello21 "&hello20; &hello20;">
+ <!ENTITY hello22 "&hello21; &hello21;">
+ <!ENTITY hello23 "&hello22; &hello22;">
+ <!ENTITY hello24 "&hello23; &hello23;">
+ <!ENTITY hello25 "&hello24; &hello24;">
+ <!ENTITY hello26 "&hello25; &hello25;">
+ <!ENTITY hello27 "&hello26; &hello26;">
+ <!ENTITY hello28 "&hello27; &hello27;">
+ <!ENTITY hello29 "&hello28; &hello28;">
+ <!ENTITY hello30 "&hello29; &hello29;">
+
+ <!ENTITY hello31 "&hello30; &hello30;">
+ <!ENTITY hello32 "&hello31; &hello31;">
+ <!ENTITY hello33 "&hello32; &hello32;">
+ <!ENTITY hello34 "&hello33; &hello33;">
+ <!ENTITY hello35 "&hello34; &hello34;">
+ <!ENTITY hello36 "&hello35; &hello35;">
+ <!ENTITY hello37 "&hello36; &hello36;">
+ <!ENTITY hello38 "&hello37; &hello37;">
+ <!ENTITY hello39 "&hello38; &hello38;">
+ <!ENTITY hello40 "&hello39; &hello39;">
+
+ <!ENTITY hello41 "&hello40; &hello40;">
+ <!ENTITY hello42 "&hello41; &hello41;">
+ <!ENTITY hello43 "&hello42; &hello42;">
+ <!ENTITY hello44 "&hello43; &hello43;">
+ <!ENTITY hello45 "&hello44; &hello44;">
+ <!ENTITY hello46 "&hello45; &hello45;">
+ <!ENTITY hello47 "&hello46; &hello46;">
+ <!ENTITY hello48 "&hello47; &hello47;">
+ <!ENTITY hello49 "&hello48; &hello48;">
+ <!ENTITY hello50 "&hello49; &hello49;">
+
+ <!ENTITY hello51 "&hello50; &hello50;">
+ <!ENTITY hello52 "&hello51; &hello51;">
+ <!ENTITY hello53 "&hello52; &hello52;">
+ <!ENTITY hello54 "&hello53; &hello53;">
+ <!ENTITY hello55 "&hello54; &hello54;">
+ <!ENTITY hello56 "&hello55; &hello55;">
+ <!ENTITY hello57 "&hello56; &hello56;">
+ <!ENTITY hello58 "&hello57; &hello57;">
+ <!ENTITY hello59 "&hello58; &hello58;">
+ <!ENTITY hello60 "&hello59; &hello59;">
+
+ <!ENTITY hello61 "&hello60; &hello60;">
+ <!ENTITY hello62 "&hello61; &hello61;">
+ <!ENTITY hello63 "&hello62; &hello62;">
+ <!ENTITY hello64 "&hello63; &hello63;">
+ <!ENTITY hello65 "&hello64; &hello64;">
+ <!ENTITY hello66 "&hello65; &hello65;">
+ <!ENTITY hello67 "&hello66; &hello66;">
+ <!ENTITY hello68 "&hello67; &hello67;">
+ <!ENTITY hello69 "&hello68; &hello68;">
+ <!ENTITY hello70 "&hello69; &hello69;">
+
+ <!ENTITY hello71 "&hello70; &hello70;">
+ <!ENTITY hello72 "&hello71; &hello71;">
+ <!ENTITY hello73 "&hello72; &hello72;">
+ <!ENTITY hello74 "&hello73; &hello73;">
+ <!ENTITY hello75 "&hello74; &hello74;">
+ <!ENTITY hello76 "&hello75; &hello75;">
+ <!ENTITY hello77 "&hello76; &hello76;">
+ <!ENTITY hello78 "&hello77; &hello77;">
+ <!ENTITY hello79 "&hello78; &hello78;">
+ <!ENTITY hello80 "&hello79; &hello79;">
+
+ <!ENTITY hello81 "&hello80; &hello80;">
+ <!ENTITY hello82 "&hello81; &hello81;">
+ <!ENTITY hello83 "&hello82; &hello82;">
+ <!ENTITY hello84 "&hello83; &hello83;">
+ <!ENTITY hello85 "&hello84; &hello84;">
+ <!ENTITY hello86 "&hello85; &hello85;">
+ <!ENTITY hello87 "&hello86; &hello86;">
+ <!ENTITY hello88 "&hello87; &hello87;">
+ <!ENTITY hello89 "&hello88; &hello88;">
+ <!ENTITY hello90 "&hello89; &hello89;">
+
+ <!ENTITY hello91 "&hello90; &hello90;">
+ <!ENTITY hello92 "&hello91; &hello91;">
+ <!ENTITY hello93 "&hello92; &hello92;">
+ <!ENTITY hello94 "&hello93; &hello93;">
+ <!ENTITY hello95 "&hello94; &hello94;">
+ <!ENTITY hello96 "&hello95; &hello95;">
+ <!ENTITY hello97 "&hello96; &hello96;">
+ <!ENTITY hello98 "&hello97; &hello97;">
+ <!ENTITY hello99 "&hello98; &hello98;">
+ <!ENTITY hello100 "&hello99; &hello99;">
+
+ <!ENTITY hello101 "&hello100; &hello100;">
+ <!ENTITY hello102 "&hello101; &hello101;">
+ <!ENTITY hello103 "&hello102; &hello102;">
+ <!ENTITY hello104 "&hello103; &hello103;">
+ <!ENTITY hello105 "&hello104; &hello104;">
+ <!ENTITY hello106 "&hello105; &hello105;">
+ <!ENTITY hello107 "&hello106; &hello106;">
+ <!ENTITY hello108 "&hello107; &hello107;">
+ <!ENTITY hello109 "&hello108; &hello108;">
+ <!ENTITY hello110 "&hello109; &hello109;">
+
+ <!ENTITY hello111 "&hello110; &hello110;">
+ <!ENTITY hello112 "&hello111; &hello111;">
+ <!ENTITY hello113 "&hello112; &hello112;">
+ <!ENTITY hello114 "&hello113; &hello113;">
+ <!ENTITY hello115 "&hello114; &hello114;">
+ <!ENTITY hello116 "&hello115; &hello115;">
+ <!ENTITY hello117 "&hello116; &hello116;">
+ <!ENTITY hello118 "&hello117; &hello117;">
+ <!ENTITY hello119 "&hello118; &hello118;">
+ <!ENTITY hello120 "&hello119; &hello119;">
+
+ <!ENTITY hello121 "&hello120; &hello120;">
+ <!ENTITY hello122 "&hello121; &hello121;">
+ <!ENTITY hello123 "&hello122; &hello122;">
+ <!ENTITY hello124 "&hello123; &hello123;">
+ <!ENTITY hello125 "&hello124; &hello124;">
+ <!ENTITY hello126 "&hello125; &hello125;">
+ <!ENTITY hello127 "&hello126; &hello126;">
+ <!ENTITY hello128 "&hello127; &hello127;">
+]>
+<definitions name="EndpointService"
targetNamespace="http://jbws1582.jaxws.ws.test.jboss.org/"
xmlns:tns="http://jbws1582.jaxws.ws.test.jboss.org/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/">
+ <types>
+ </types>
+ <message name="Endpoint_echoString">
+ <part name="arg0" type="xsd:string">
+ </part>
+ </message>
+ <message name="Endpoint_echoStringResponse">
+ <part name="return" type="xsd:string">
+ </part>
+ </message>
+ <portType name="Endpoint">
+ <operation name="echoString" parameterOrder="arg0">
+ <input message="tns:Endpoint_echoString">
+ </input>
+ <output message="tns:Endpoint_echoStringResponse">
+ </output>
+ </operation>
+ </portType>
+ <binding name="EndpointBinding" type="tns:Endpoint">
+ <soap:binding style="rpc"
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="echoString">
+ <soap:operation soapAction="urn:EchoString"/>
+ <input>
+ <soap:body use="literal"
namespace="http://jbws1582.jaxws.ws.test.jboss.org/"/>
+ </input>
+ <output>
+ <soap:body use="literal"
namespace="http://jbws1582.jaxws.ws.test.jboss.org/"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="EndpointService">
+ <port name="EndpointPort" binding="tns:EndpointBinding">
+ <soap:address location="&hello128;"/>
+ </port>
+ </service>
+</definitions>
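Review bot: Nothing in this fixture marks it as intentionally hostile, so tooling or a developer opening it with an unhardened XML parser gets no warning before the nested entities are expanded. A comment directly after the XML declaration would cover that, e.g. `<!-- JBWS-1582 test fixture: nested-entity DOCTYPE that a hardened parser must reject; do not load with an unprotected parser. -->`. The chain is 128 levels deep, which looks like far more than is needed to trip an expansion limit. A much shallower chain would likely exercise the same rejection path with less risk to tools that index test resources; confirm against the limit of the parser in use.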
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/service.wsdl
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/service.wsdl
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/service.wsdl 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="EndpointService"
targetNamespace="http://jbws1582.jaxws.ws.test.jboss.org/"
xmlns:tns="http://jbws1582.jaxws.ws.test.jboss.org/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/">
+ <types>
+ </types>
+ <message name="Endpoint_echoString">
+ <part name="arg0" type="xsd:string">
+ </part>
+ </message>
+ <message name="Endpoint_echoStringResponse">
+ <part name="return" type="xsd:string">
+ </part>
+ </message>
+ <portType name="Endpoint">
+ <operation name="echoString" parameterOrder="arg0">
+ <input message="tns:Endpoint_echoString">
+ </input>
+ <output message="tns:Endpoint_echoStringResponse">
+ </output>
+ </operation>
+ </portType>
+ <binding name="EndpointBinding" type="tns:Endpoint">
+ <soap:binding style="rpc"
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="echoString">
+ <soap:operation soapAction="urn:EchoString"/>
+ <input>
+ <soap:body use="literal"
namespace="http://jbws1582.jaxws.ws.test.jboss.org/"/>
+ </input>
+ <output>
+ <soap:body use="literal"
namespace="http://jbws1582.jaxws.ws.test.jboss.org/"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="EndpointService">
+ <port name="EndpointPort" binding="tns:EndpointBinding">
+ <soap:address location="REPLACE_WITH_ACTUAL_URL"/>
+ </port>
+ </service>
+</definitions>
\ No newline at end of file
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/attack-message.xml
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/attack-message.xml
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/attack-message.xml 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,151 @@
+<?xml version="1.0"?>
+<!DOCTYPE root [
+ <!ENTITY hello1 "Hello">
+ <!ENTITY hello2 "&hello1; &hello1;">
+ <!ENTITY hello3 "&hello2; &hello2;">
+ <!ENTITY hello4 "&hello3; &hello3;">
+ <!ENTITY hello5 "&hello4; &hello4;">
+ <!ENTITY hello6 "&hello5; &hello5;">
+ <!ENTITY hello7 "&hello6; &hello6;">
+ <!ENTITY hello8 "&hello7; &hello7;">
+ <!ENTITY hello9 "&hello8; &hello8;">
+ <!ENTITY hello10 "&hello9; &hello9;">
+
+ <!ENTITY hello11 "&hello10; &hello10;">
+ <!ENTITY hello12 "&hello11; &hello11;">
+ <!ENTITY hello13 "&hello12; &hello12;">
+ <!ENTITY hello14 "&hello13; &hello13;">
+ <!ENTITY hello15 "&hello14; &hello14;">
+ <!ENTITY hello16 "&hello15; &hello15;">
+ <!ENTITY hello17 "&hello16; &hello16;">
+ <!ENTITY hello18 "&hello17; &hello17;">
+ <!ENTITY hello19 "&hello18; &hello18;">
+ <!ENTITY hello20 "&hello19; &hello19;">
+
+ <!ENTITY hello21 "&hello20; &hello20;">
+ <!ENTITY hello22 "&hello21; &hello21;">
+ <!ENTITY hello23 "&hello22; &hello22;">
+ <!ENTITY hello24 "&hello23; &hello23;">
+ <!ENTITY hello25 "&hello24; &hello24;">
+ <!ENTITY hello26 "&hello25; &hello25;">
+ <!ENTITY hello27 "&hello26; &hello26;">
+ <!ENTITY hello28 "&hello27; &hello27;">
+ <!ENTITY hello29 "&hello28; &hello28;">
+ <!ENTITY hello30 "&hello29; &hello29;">
+
+ <!ENTITY hello31 "&hello30; &hello30;">
+ <!ENTITY hello32 "&hello31; &hello31;">
+ <!ENTITY hello33 "&hello32; &hello32;">
+ <!ENTITY hello34 "&hello33; &hello33;">
+ <!ENTITY hello35 "&hello34; &hello34;">
+ <!ENTITY hello36 "&hello35; &hello35;">
+ <!ENTITY hello37 "&hello36; &hello36;">
+ <!ENTITY hello38 "&hello37; &hello37;">
+ <!ENTITY hello39 "&hello38; &hello38;">
+ <!ENTITY hello40 "&hello39; &hello39;">
+
+ <!ENTITY hello41 "&hello40; &hello40;">
+ <!ENTITY hello42 "&hello41; &hello41;">
+ <!ENTITY hello43 "&hello42; &hello42;">
+ <!ENTITY hello44 "&hello43; &hello43;">
+ <!ENTITY hello45 "&hello44; &hello44;">
+ <!ENTITY hello46 "&hello45; &hello45;">
+ <!ENTITY hello47 "&hello46; &hello46;">
+ <!ENTITY hello48 "&hello47; &hello47;">
+ <!ENTITY hello49 "&hello48; &hello48;">
+ <!ENTITY hello50 "&hello49; &hello49;">
+
+ <!ENTITY hello51 "&hello50; &hello50;">
+ <!ENTITY hello52 "&hello51; &hello51;">
+ <!ENTITY hello53 "&hello52; &hello52;">
+ <!ENTITY hello54 "&hello53; &hello53;">
+ <!ENTITY hello55 "&hello54; &hello54;">
+ <!ENTITY hello56 "&hello55; &hello55;">
+ <!ENTITY hello57 "&hello56; &hello56;">
+ <!ENTITY hello58 "&hello57; &hello57;">
+ <!ENTITY hello59 "&hello58; &hello58;">
+ <!ENTITY hello60 "&hello59; &hello59;">
+
+ <!ENTITY hello61 "&hello60; &hello60;">
+ <!ENTITY hello62 "&hello61; &hello61;">
+ <!ENTITY hello63 "&hello62; &hello62;">
+ <!ENTITY hello64 "&hello63; &hello63;">
+ <!ENTITY hello65 "&hello64; &hello64;">
+ <!ENTITY hello66 "&hello65; &hello65;">
+ <!ENTITY hello67 "&hello66; &hello66;">
+ <!ENTITY hello68 "&hello67; &hello67;">
+ <!ENTITY hello69 "&hello68; &hello68;">
+ <!ENTITY hello70 "&hello69; &hello69;">
+
+ <!ENTITY hello71 "&hello70; &hello70;">
+ <!ENTITY hello72 "&hello71; &hello71;">
+ <!ENTITY hello73 "&hello72; &hello72;">
+ <!ENTITY hello74 "&hello73; &hello73;">
+ <!ENTITY hello75 "&hello74; &hello74;">
+ <!ENTITY hello76 "&hello75; &hello75;">
+ <!ENTITY hello77 "&hello76; &hello76;">
+ <!ENTITY hello78 "&hello77; &hello77;">
+ <!ENTITY hello79 "&hello78; &hello78;">
+ <!ENTITY hello80 "&hello79; &hello79;">
+
+ <!ENTITY hello81 "&hello80; &hello80;">
+ <!ENTITY hello82 "&hello81; &hello81;">
+ <!ENTITY hello83 "&hello82; &hello82;">
+ <!ENTITY hello84 "&hello83; &hello83;">
+ <!ENTITY hello85 "&hello84; &hello84;">
+ <!ENTITY hello86 "&hello85; &hello85;">
+ <!ENTITY hello87 "&hello86; &hello86;">
+ <!ENTITY hello88 "&hello87; &hello87;">
+ <!ENTITY hello89 "&hello88; &hello88;">
+ <!ENTITY hello90 "&hello89; &hello89;">
+
+ <!ENTITY hello91 "&hello90; &hello90;">
+ <!ENTITY hello92 "&hello91; &hello91;">
+ <!ENTITY hello93 "&hello92; &hello92;">
+ <!ENTITY hello94 "&hello93; &hello93;">
+ <!ENTITY hello95 "&hello94; &hello94;">
+ <!ENTITY hello96 "&hello95; &hello95;">
+ <!ENTITY hello97 "&hello96; &hello96;">
+ <!ENTITY hello98 "&hello97; &hello97;">
+ <!ENTITY hello99 "&hello98; &hello98;">
+ <!ENTITY hello100 "&hello99; &hello99;">
+
+ <!ENTITY hello101 "&hello100; &hello100;">
+ <!ENTITY hello102 "&hello101; &hello101;">
+ <!ENTITY hello103 "&hello102; &hello102;">
+ <!ENTITY hello104 "&hello103; &hello103;">
+ <!ENTITY hello105 "&hello104; &hello104;">
+ <!ENTITY hello106 "&hello105; &hello105;">
+ <!ENTITY hello107 "&hello106; &hello106;">
+ <!ENTITY hello108 "&hello107; &hello107;">
+ <!ENTITY hello109 "&hello108; &hello108;">
+ <!ENTITY hello110 "&hello109; &hello109;">
+
+ <!ENTITY hello111 "&hello110; &hello110;">
+ <!ENTITY hello112 "&hello111; &hello111;">
+ <!ENTITY hello113 "&hello112; &hello112;">
+ <!ENTITY hello114 "&hello113; &hello113;">
+ <!ENTITY hello115 "&hello114; &hello114;">
+ <!ENTITY hello116 "&hello115; &hello115;">
+ <!ENTITY hello117 "&hello116; &hello116;">
+ <!ENTITY hello118 "&hello117; &hello117;">
+ <!ENTITY hello119 "&hello118; &hello118;">
+ <!ENTITY hello120 "&hello119; &hello119;">
+
+ <!ENTITY hello121 "&hello120; &hello120;">
+ <!ENTITY hello122 "&hello121; &hello121;">
+ <!ENTITY hello123 "&hello122; &hello122;">
+ <!ENTITY hello124 "&hello123; &hello123;">
+ <!ENTITY hello125 "&hello124; &hello124;">
+ <!ENTITY hello126 "&hello125; &hello125;">
+ <!ENTITY hello127 "&hello126; &hello126;">
+ <!ENTITY hello128 "&hello127; &hello127;">
+]>
+<env:Envelope
xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
+ <env:Header/>
+ <env:Body>
+ <ns1:echoString
xmlns:ns1='http://jbws1582.jaxws.ws.test.jboss.org/'>
+ <arg0>&hello128;</arg0>
+ </ns1:echoString>
+ </env:Body>
+</env:Envelope>
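Review bot: Nothing in attack-message.xml marks it as a deliberately hostile fixture or states the outcome the test expects, so a maintainer or a tool that walks the test resources could feed it to a parser without entity-expansion protection. The DOCTYPE defines hello1 through hello128, each entity referencing the previous one twice, and `<arg0>` references `&hello128;`, so the document stays small only while the parser refuses to expand it. I would add a comment directly after the XML declaration, for example `<!-- jbws1582 fixture: nested entity expansion (hello1..hello128); parse only with entity-expansion protection enabled -->`, and extend it with the expected result, such as a fault or a rejected request. The test case that sends this message is outside this hunk; it should presumably run under a timeout so that a regression in the parser hardening fails the build quickly instead of exhausting the test JVM.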
Added:
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/message.xml
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/message.xml
(rev 0)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP05_JBPAPP-1961/src/test/resources/jaxws/jbws1582/message.xml 2009-04-29
10:27:16 UTC (rev 9919)
@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<env:Envelope
xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
+ <env:Header/>
+ <env:Body>
+ <ns1:echoString
xmlns:ns1='http://jbws1582.jaxws.ws.test.jboss.org/'>
+ <arg0>Hello</arg0>
+ </ns1:echoString>
+ </env:Body>
+</env:Envelope>
+