Author: jim.ma Date: 2015-04-16 05:02:29 -0400 (Thu, 16 Apr 2015) New Revision: 19640 Added: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/EnableRobustOneWayInterceptor.java stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl3.java stack/cxf/trunk/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jboss-webservices.xml Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/EndpointAssociationInterceptor.java stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl2.java stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecurityDomainTestCase.java Log: [JBWS-3905]:Use original thread for ejb webservice oneway operation to avoid authorization failure Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/EndpointAssociationInterceptor.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/EndpointAssociationInterceptor.java 2015-04-15 21:46:07 UTC (rev 19639) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/EndpointAssociationInterceptor.java 2015-04-16 09:02:29 UTC (rev 19640) @@ -22,11 +22,13 @@ package org.jboss.wsf.stack.cxf.interceptor; import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.interceptor.OneWayProcessorInterceptor; import org.apache.cxf.message.Exchange; import org.apache.cxf.message.Message; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; import org.jboss.wsf.spi.deployment.Endpoint; +import org.jboss.wsf.spi.deployment.EndpointType; import org.jboss.wsf.spi.invocation.EndpointAssociation; /** @@ -42,17 +44,43 @@ public class EndpointAssociationInterceptor extends AbstractPhaseInterceptor<Message> { + private EjbWSOneWayThreadInterceptor ejbOneWayInterceptor = new EjbWSOneWayThreadInterceptor(); + public EndpointAssociationInterceptor() { super(Phase.RECEIVE); } - + @Override public void handleMessage(Message message) throws Fault { Endpoint endpoint = EndpointAssociation.getEndpoint(); Exchange exchange = message.getExchange(); + exchange.put(Endpoint.class, endpoint); + message.getInterceptorChain().add(ejbOneWayInterceptor); + } + public class EjbWSOneWayThreadInterceptor extends AbstractPhaseInterceptor<Message> + { + public EjbWSOneWayThreadInterceptor() + { + super(Phase.PRE_LOGICAL); + this.addBefore(OneWayProcessorInterceptor.class.getName()); + } + + @Override + public void handleMessage(Message message) throws Fault + { + + Endpoint endpoint = message.getExchange().get(Endpoint.class); + //Use original thread for oneway message to avoid authorization failure in ejb container for webservice endpoint + if (endpoint.getType() == EndpointType.JAXWS_EJB3 && message.getExchange().isOneWay() && !isRequestor(message)) + { + message.put(OneWayProcessorInterceptor.USE_ORIGINAL_THREAD, true); + } + + } + } } Added: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/EnableRobustOneWayInterceptor.java =================================================================== --- stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/EnableRobustOneWayInterceptor.java (rev 0) +++ stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/EnableRobustOneWayInterceptor.java 2015-04-16 09:02:29 UTC (rev 19640) @@ -0,0 +1,58 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2012, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.test.ws.jaxws.samples.securityDomain; + +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.interceptor.OneWayProcessorInterceptor; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.AbstractPhaseInterceptor; +import org.apache.cxf.phase.Phase; +import org.jboss.wsf.spi.deployment.Endpoint; +import org.jboss.wsf.spi.deployment.EndpointType; + +/** + * This class for test use to enable client to receive the authorization + * <p> exception for one way operation + * @author <a href="mailto:ema@redhat.com">Jim Ma</a> + * + */ +public class EnableRobustOneWayInterceptor extends AbstractPhaseInterceptor<Message> +{ + public EnableRobustOneWayInterceptor() + { + super(Phase.PRE_LOGICAL); + this.addBefore(OneWayProcessorInterceptor.class.getName()); + } + + @Override + public void handleMessage(Message message) throws Fault + { + + Endpoint endpoint = message.getExchange().get(Endpoint.class); + //Use original thread for oneway message to avoid authorization failure in ejb container for webservice endpoint + if (endpoint.getType() == EndpointType.JAXWS_EJB3 && message.getExchange().isOneWay() && !isRequestor(message)) + { + message.put(Message.ROBUST_ONEWAY, true); + } + + } +} \ No newline at end of file Property changes on: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/EnableRobustOneWayInterceptor.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Modified: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl2.java =================================================================== --- stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl2.java 2015-04-15 21:46:07 UTC (rev 19639) +++ stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl2.java 2015-04-16 09:02:29 UTC (rev 19640) @@ -30,6 +30,7 @@ import javax.jws.soap.SOAPBinding; import javax.jws.soap.SOAPBinding.Style; +import org.apache.cxf.interceptor.InInterceptors; import org.jboss.ejb3.annotation.SecurityDomain; import org.jboss.logging.Logger; import org.jboss.ws.api.annotation.AuthMethod; Added: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl3.java =================================================================== --- stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl3.java (rev 0) +++ stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl3.java 2015-04-16 09:02:29 UTC (rev 19640) @@ -0,0 +1,86 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2015, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.test.ws.jaxws.samples.securityDomain; + +import javax.annotation.security.DeclareRoles; +import javax.annotation.security.RolesAllowed; +import javax.annotation.security.PermitAll; +import javax.ejb.Stateless; +import javax.jws.Oneway; +import javax.jws.WebMethod; +import javax.jws.WebService; +import javax.jws.soap.SOAPBinding; +import javax.jws.soap.SOAPBinding.Style; + +import org.jboss.ejb3.annotation.SecurityDomain; +import org.jboss.logging.Logger; +import org.jboss.ws.api.annotation.AuthMethod; +import org.jboss.ws.api.annotation.TransportGuarantee; +import org.jboss.ws.api.annotation.WebContext; + +@Stateless(name = "SecureEndpoint") +@SOAPBinding(style = Style.RPC) +@WebService +( + name = "SecureEndpoint", + serviceName = "SecureEndpointService3", + targetNamespace = "http://org.jboss.ws/securityDomain" +) +@WebContext +( + contextRoot="/jaxws-securityDomain3", + urlPattern="/authz", + authMethod = AuthMethod.BASIC, + transportGuarantee = TransportGuarantee.NONE, + secureWSDLAccess = false +) +@SecurityDomain("JBossWSSecurityDomainTest") +@RolesAllowed("friend") +public class SecureEndpointImpl3 +{ + // Provide logging + private static Logger log = Logger.getLogger(SecureEndpointImpl3.class); + + @WebMethod + public String echoForAll(String input) + { + log.info(input); + return input; + } + @Oneway + @WebMethod + public void helloOneWay(String input) { + log.info(input); + } + @WebMethod + public String echo(String input) + { + log.info(input); + return input; + } + @WebMethod + public String restrictedEcho(String input) + { + log.info(input); + return input; + } +} Property changes on: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecureEndpointImpl3.java ___________________________________________________________________ Added: svn:keywords + Rev Date Added: svn:eol-style + native Modified: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecurityDomainTestCase.java =================================================================== --- stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecurityDomainTestCase.java 2015-04-15 21:46:07 UTC (rev 19639) +++ stack/cxf/trunk/modules/testsuite/shared-tests/src/test/java/org/jboss/test/ws/jaxws/samples/securityDomain/SecurityDomainTestCase.java 2015-04-16 09:02:29 UTC (rev 19640) @@ -27,6 +27,7 @@ import javax.xml.namespace.QName; import javax.xml.ws.BindingProvider; import javax.xml.ws.Service; +import javax.xml.ws.WebServiceException; import org.jboss.arquillian.container.test.api.Deployer; import org.jboss.arquillian.container.test.api.Deployment; @@ -35,6 +36,7 @@ import org.jboss.arquillian.junit.Arquillian; import org.jboss.arquillian.test.api.ArquillianResource; import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.asset.StringAsset; import org.jboss.shrinkwrap.api.spec.JavaArchive; import org.jboss.wsf.test.JBossWSTest; import org.jboss.wsf.test.JBossWSTestHelper; @@ -62,6 +64,7 @@ { private final static String DEPLOYMENT1 = "jaxws-samples-securityDomain"; private final static String DEPLOYMENT2 = "jaxws-samples-securityDomain2"; + private final static String DEPLOYMENT3 = "jaxws-samples-securityDomain3"; @ArquillianResource private URL baseURL; @ArquillianResource @@ -70,9 +73,11 @@ @Deployment(name= DEPLOYMENT1, testable = false) public static JavaArchive createDeployment() { JavaArchive archive = ShrinkWrap.create(JavaArchive.class, "jaxws-samples-securityDomain.jar"); - archive - .addManifest() - .addClass(org.jboss.test.ws.jaxws.samples.securityDomain.SecureEndpointImpl.class); + archive.setManifest(new StringAsset("Manifest-Version: 1.0\n" + + "Dependencies: org.apache.cxf.impl\n")) + .addClass(org.jboss.test.ws.jaxws.samples.securityDomain.SecureEndpointImpl.class) + .addClass(org.jboss.test.ws.jaxws.samples.securityDomain.EnableRobustOneWayInterceptor.class) + .addAsManifestResource(new File(JBossWSTestHelper.getTestResourcesDir() + "/jaxws/samples/securityDomain/jboss-webservices.xml"), "jboss-webservices.xml"); return archive; } @Deployment(name= DEPLOYMENT2, testable = false) @@ -84,6 +89,17 @@ .addAsManifestResource(new File(JBossWSTestHelper.getTestResourcesDir() + "/jaxws/samples/securityDomain/jboss-ejb3.xml"), "jboss-ejb3.xml"); return archive; } + + @Deployment(name= DEPLOYMENT3, testable = false) + public static JavaArchive createDeployment3() { + JavaArchive archive = ShrinkWrap.create(JavaArchive.class, "jaxws-samples-securityDomain3.jar"); + archive.setManifest(new StringAsset("Manifest-Version: 1.0\n" + + "Dependencies: org.apache.cxf.impl\n")) + .addClass(org.jboss.test.ws.jaxws.samples.securityDomain.SecureEndpointImpl3.class) + .addClass(org.jboss.test.ws.jaxws.samples.securityDomain.EnableRobustOneWayInterceptor.class) + .addAsManifestResource(new File(JBossWSTestHelper.getTestResourcesDir() + "/jaxws/samples/securityDomain/jboss-webservices.xml"), "jboss-webservices.xml"); + return archive; + } private SecureEndpoint getAuthzPort() throws Exception { @@ -209,40 +225,17 @@ @Test @RunAsClient @OperateOnDeployment(DEPLOYMENT1) - public void testOneWay() throws Exception + public void testMethodLevelRolesAllowedOneWay() throws Exception { //test unthenticated SecureEndpoint port2 = getAuthzPort(); - try - { - port2.helloOneWay("Hello"); - fail("Authentication exception expected!"); - } - catch (Exception e) - { - //expected web layer exception - assertTrue(e.getMessage().contains("Could not send Message")); - assertTrue("Exception Cause message: " + e.getCause().getMessage(), e.getCause().getMessage().contains("401: Unauthorized")); - } - ((BindingProvider)port2).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "bob"); - ((BindingProvider)port2).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "foo"); - try { - port2.helloOneWay("Hello"); - fail("Authorization exception expected!"); - } catch (Exception e) { - //expected weblayer layer authorization exception - assertTrue("Unexpected cause: " + e.getCause().getMessage(), e.getCause().getMessage().contains("403: Forbidden")); - } - - ((BindingProvider)port2).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "john"); - ((BindingProvider)port2).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "bar"); - port2.helloOneWay("Hello"); - } - - + testOneWay(port2); + } + @Test @RunAsClient @OperateOnDeployment(DEPLOYMENT2) + //To test missing-method-permissions-deny-access is setting to false and defaultAccess() should be allowed public void testEjbSecurityAuth() throws Exception { URL wsdlURL = new URL(baseURL + "/jaxws-securityDomain2/authz?wsdl"); @@ -273,5 +266,49 @@ assertEquals("Greetings", port.echo("Greetings")); assertEquals("Greetings", port.restrictedEcho("Greetings")); assertEquals("Greetings", port.defaultAccess("Greetings")); - } + } + + @Test + @RunAsClient + @OperateOnDeployment(DEPLOYMENT3) + //To test one-way operaton with class level @RolesAllowed + public void testClassLevelRolesAllowedOneWay() throws Exception + { + //test unthenticated + URL wsdlURL = new URL(baseURL + "/jaxws-securityDomain3/authz?wsdl"); + QName serviceName = new QName("http://org.jboss.ws/securityDomain", "SecureEndpointService3"); + SecureEndpoint port = Service.create(wsdlURL, serviceName).getPort(SecureEndpoint.class); + testOneWay(port); + } + private void testOneWay(SecureEndpoint port) throws Exception { + try + { + port.helloOneWay("Hello"); + fail("Authentication exception expected!"); + } + catch (Exception e) + { + e.printStackTrace(); + //expected web layer exception + assertTrue(e.getMessage().contains("Could not send Message")); + assertTrue("Exception Cause message: " + e.getCause().getMessage(), e.getCause().getMessage().contains("401: Unauthorized")); + } + ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "bob"); + ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "foo"); + try { + port.helloOneWay("Hello"); + fail("Authorization exception expected!"); + } catch (WebServiceException e) { + //Do nothing + } + + ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "john"); + ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "bar"); + try { + port.helloOneWay("Hello"); + + } catch (Exception e) { + fail("exception is unexpected!"); + } + } } \ No newline at end of file Added: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jboss-webservices.xml =================================================================== --- stack/cxf/trunk/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jboss-webservices.xml (rev 0) +++ stack/cxf/trunk/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jboss-webservices.xml 2015-04-16 09:02:29 UTC (rev 19640) @@ -0,0 +1,11 @@ +<?xml version="1.1" encoding="UTF-8"?> +<webservices + xmlns="http://www.jboss.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + version="1.2" + xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee"> + <property> + <name>cxf.interceptors.in</name> + <value>org.jboss.test.ws.jaxws.samples.securityDomain.EnableRobustOneWayInterceptor</value> + </property> +</webservices> \ No newline at end of file Property changes on: stack/cxf/trunk/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jboss-webservices.xml ___________________________________________________________________ Added: svn:mime-type + text/xml Added: svn:keywords + Rev Date Added: svn:eol-style + native