Author: richard.opalka(a)jboss.com
Date: 2009-04-28 10:24:30 -0400 (Tue, 28 Apr 2009)
New Revision: 9904
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/Endpoint.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/JBWS1582TestCase.java
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/attack-web.xml
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/web.xml
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/attack-service.wsdl
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/service.wsdl
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/attack-message.xml
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/message.xml
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/wsdl/JBossWSDLReaderImpl.java
stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml
Log:
[JBWS-1582] providing test case
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/wsdl/JBossWSDLReaderImpl.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/wsdl/JBossWSDLReaderImpl.java 2009-04-28
14:19:04 UTC (rev 9903)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/wsdl/JBossWSDLReaderImpl.java 2009-04-28
14:24:30 UTC (rev 9904)
@@ -2115,19 +2115,10 @@
private static Document getDocument(InputSource inputSource,
String desc) throws WSDLException
{
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-
- factory.setNamespaceAware(true);
- factory.setValidating(false);
-
try
{
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- builder.setEntityResolver( new JBossWSEntityResolver() );
- Document doc = builder.parse(inputSource);
-
- return doc;
+ DocumentBuilder builder = org.jboss.wsf.common.DOMUtils.getDocumentBuilder();
+ return builder.parse(inputSource);
}
catch (RuntimeException e)
{
Modified: stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml 2009-04-28
14:19:04 UTC (rev 9903)
+++
stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml 2009-04-28
14:24:30 UTC (rev 9904)
@@ -204,7 +204,27 @@
<include name="wsse.keystore"/>
</metainf>
</jar>
-
+
+ <!-- jaxws-jbws1582 -->
+ <war destfile="${tests.output.dir}/test-libs/jaxws-jbws1582.war"
webxml="${tests.output.dir}/test-resources/jaxws/jbws1582/WEB-INF/web.xml">
+ <classes dir="${tests.output.dir}/test-classes">
+ <include
name="org/jboss/test/ws/jaxws/jbws1582/Endpoint.class"/>
+ <include
name="org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.class"/>
+ </classes>
+ <webinf
dir="${tests.output.dir}/test-resources/jaxws/jbws1582/WEB-INF">
+ <include name="wsdl/service.wsdl"/>
+ </webinf>
+ </war>
+ <war
destfile="${tests.output.dir}/test-libs/jaxws-jbws1582-attacked.war"
webxml="${tests.output.dir}/test-resources/jaxws/jbws1582/WEB-INF/attack-web.xml">
+ <classes dir="${tests.output.dir}/test-classes">
+ <include
name="org/jboss/test/ws/jaxws/jbws1582/Endpoint.class"/>
+ <include
name="org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.class"/>
+ </classes>
+ <webinf
dir="${tests.output.dir}/test-resources/jaxws/jbws1582/WEB-INF">
+ <include name="wsdl/attack-service.wsdl"/>
+ </webinf>
+ </war>
+
<!-- jaxws-jbws1666 -->
<war destfile="${tests.output.dir}/test-libs/jaxws-jbws1666.war"
webxml="${tests.output.dir}/test-resources/jaxws/jbws1666/WEB-INF/web.xml">
<classes dir="${tests.output.dir}/test-classes">
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.java
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/AttackedEndpointImpl.java 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws1582;
+
+import javax.jws.WebService;
+
+@WebService
+(
+ portName = "EndpointPort",
+ serviceName = "EndpointService",
+ wsdlLocation = "WEB-INF/wsdl/attack-service.wsdl",
+ endpointInterface = "org.jboss.test.ws.jaxws.jbws1582.Endpoint"
+)
+public class AttackedEndpointImpl
+{
+ public String echo(String msg)
+ {
+ return msg;
+ }
+}
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/Endpoint.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/Endpoint.java
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/Endpoint.java 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,34 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws1582;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+
+@WebService (name="Endpoint")
+@SOAPBinding(style = SOAPBinding.Style.RPC)
+public interface Endpoint
+{
+ @WebMethod(operationName = "echoString", action =
"urn:EchoString")
+ String echo(String input);
+}
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.java
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/EndpointImpl.java 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws1582;
+
+import javax.jws.WebService;
+
+@WebService
+(
+ portName = "EndpointPort",
+ serviceName = "EndpointService",
+ wsdlLocation = "WEB-INF/wsdl/service.wsdl",
+ endpointInterface = "org.jboss.test.ws.jaxws.jbws1582.Endpoint"
+)
+public class EndpointImpl
+{
+ public String echo(String msg)
+ {
+ return msg;
+ }
+}
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/JBWS1582TestCase.java
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/JBWS1582TestCase.java
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws1582/JBWS1582TestCase.java 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,129 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws1582;
+
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import junit.framework.Test;
+
+import org.jboss.wsf.common.IOUtils;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+
+/**
+ * [JBWS-1582] Protect JBossWS Against XML Attacks
+ *
+ * @author <a href="mailto:richard.opalka@jboss.org">Richard
Opalka</a>
+ */
+public class JBWS1582TestCase extends JBossWSTest
+{
+ private String endpointURL = "http://" + getServerHost() +
":8080/jaxws-jbws1582/TestService";
+ private String targetNS = "http://jbws1582.jaxws.ws.test.jboss.org/";
+
+ public static Test suite()
+ {
+ return new JBossWSTestSetup(JBWS1582TestCase.class,
"jaxws-jbws1582.war");
+ }
+
+ public void testLegalAccess() throws Exception
+ {
+ URL wsdlURL = new URL(endpointURL + "?wsdl");
+ QName serviceName = new QName(targetNS, "EndpointService");
+
+ Service service = Service.create(wsdlURL, serviceName);
+ Endpoint port = (Endpoint)service.getPort(Endpoint.class);
+
+ Object retObj = port.echo("Hello");
+ assertEquals("Hello", retObj);
+ }
+
+ public void testSOAPMessage() throws Exception
+ {
+ String response = getResponse("jaxws/jbws1582/message.xml");
+ assertTrue(response.contains("HTTP/1.1 200 OK"));
+ assertTrue(response.contains("<return>Hello</return>"));
+ }
+
+ public void testSOAPMessageAttack() throws Exception
+ {
+ String response = getResponse("jaxws/jbws1582/attack-message.xml");
+ assertTrue(response.contains("HTTP/1.1 500"));
+ assertTrue(response.contains("DOCTYPE is disallowed when the feature"));
+ }
+
+ private String getResponse(String requestFile) throws Exception
+ {
+ final String CRNL = "\r\n";
+ String content = getContent(new
FileInputStream(this.getResourceFile(requestFile)));
+ Socket socket = new Socket();
+ socket.connect(new InetSocketAddress(this.getServerHost(), 8080));
+ OutputStream out = socket.getOutputStream();
+
+ // send an HTTP request to the endpoint
+ out.write(("POST /jaxws-jbws1582/TestService HTTP/1.0" +
CRNL).getBytes());
+ out.write(("Host: " + this.getServerHost() + ":8080" +
CRNL).getBytes());
+ out.write(("Content-Type: text/xml" + CRNL).getBytes());
+ out.write(("Content-Length: " + content.length() + CRNL).getBytes());
+ out.write((CRNL).getBytes());
+ out.write((content).getBytes());
+
+ // read the response
+ String response = getContent(socket.getInputStream());
+ socket.close();
+ System.out.println("---");
+ System.out.println(response);
+ System.out.println("---");
+ return response;
+ }
+
+ public void testAttackedArchiveDeployment() throws Exception
+ {
+ try
+ {
+ this.deploy("jaxws-jbws1582-attacked.war");
+ fail("deployment failure expected");
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ log.warn(e.getMessage(), e);
+ }
+ }
+
+ private static String getContent(InputStream is) throws IOException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ IOUtils.copyStream(baos, is);
+ return new String(baos.toByteArray());
+ }
+
+}
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/attack-web.xml
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/attack-web.xml
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/attack-web.xml 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<web-app
xmlns="http://java.sun.com/xml/ns/j2ee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <servlet>
+ <servlet-name>TestService</servlet-name>
+
<servlet-class>org.jboss.test.ws.jaxws.jbws1582.AttackedEndpointImpl</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>TestService</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+</web-app>
+
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/web.xml
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/web.xml
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/web.xml 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<web-app
xmlns="http://java.sun.com/xml/ns/j2ee"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <servlet>
+ <servlet-name>TestService</servlet-name>
+
<servlet-class>org.jboss.test.ws.jaxws.jbws1582.EndpointImpl</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>TestService</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+</web-app>
+
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/attack-service.wsdl
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/attack-service.wsdl
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/attack-service.wsdl 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,180 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE definitions [
+ <!ENTITY ha1 "Hello">
+ <!ENTITY ha2 "&ha1; &ha1;">
+ <!ENTITY ha3 "&ha2; &ha2;">
+ <!ENTITY ha4 "&ha3; &ha3;">
+ <!ENTITY ha5 "&ha4; &ha4;">
+ <!ENTITY ha6 "&ha5; &ha5;">
+ <!ENTITY ha7 "&ha6; &ha6;">
+ <!ENTITY ha8 "&ha7; &ha7;">
+ <!ENTITY ha9 "&ha8; &ha8;">
+ <!ENTITY ha10 "&ha9; &ha9;">
+
+ <!ENTITY ha11 "&ha10; &ha10;">
+ <!ENTITY ha12 "&ha11; &ha11;">
+ <!ENTITY ha13 "&ha12; &ha12;">
+ <!ENTITY ha14 "&ha13; &ha13;">
+ <!ENTITY ha15 "&ha14; &ha14;">
+ <!ENTITY ha16 "&ha15; &ha15;">
+ <!ENTITY ha17 "&ha16; &ha16;">
+ <!ENTITY ha18 "&ha17; &ha17;">
+ <!ENTITY ha19 "&ha18; &ha18;">
+ <!ENTITY ha20 "&ha19; &ha19;">
+
+ <!ENTITY ha21 "&ha20; &ha20;">
+ <!ENTITY ha22 "&ha21; &ha21;">
+ <!ENTITY ha23 "&ha22; &ha22;">
+ <!ENTITY ha24 "&ha23; &ha23;">
+ <!ENTITY ha25 "&ha24; &ha24;">
+ <!ENTITY ha26 "&ha25; &ha25;">
+ <!ENTITY ha27 "&ha26; &ha26;">
+ <!ENTITY ha28 "&ha27; &ha27;">
+ <!ENTITY ha29 "&ha28; &ha28;">
+ <!ENTITY ha30 "&ha29; &ha29;">
+
+ <!ENTITY ha31 "&ha30; &ha30;">
+ <!ENTITY ha32 "&ha31; &ha31;">
+ <!ENTITY ha33 "&ha32; &ha32;">
+ <!ENTITY ha34 "&ha33; &ha33;">
+ <!ENTITY ha35 "&ha34; &ha34;">
+ <!ENTITY ha36 "&ha35; &ha35;">
+ <!ENTITY ha37 "&ha36; &ha36;">
+ <!ENTITY ha38 "&ha37; &ha37;">
+ <!ENTITY ha39 "&ha38; &ha38;">
+ <!ENTITY ha40 "&ha39; &ha39;">
+
+ <!ENTITY ha41 "&ha40; &ha40;">
+ <!ENTITY ha42 "&ha41; &ha41;">
+ <!ENTITY ha43 "&ha42; &ha42;">
+ <!ENTITY ha44 "&ha43; &ha43;">
+ <!ENTITY ha45 "&ha44; &ha44;">
+ <!ENTITY ha46 "&ha45; &ha45;">
+ <!ENTITY ha47 "&ha46; &ha46;">
+ <!ENTITY ha48 "&ha47; &ha47;">
+ <!ENTITY ha49 "&ha48; &ha48;">
+ <!ENTITY ha50 "&ha49; &ha49;">
+
+ <!ENTITY ha51 "&ha50; &ha50;">
+ <!ENTITY ha52 "&ha51; &ha51;">
+ <!ENTITY ha53 "&ha52; &ha52;">
+ <!ENTITY ha54 "&ha53; &ha53;">
+ <!ENTITY ha55 "&ha54; &ha54;">
+ <!ENTITY ha56 "&ha55; &ha55;">
+ <!ENTITY ha57 "&ha56; &ha56;">
+ <!ENTITY ha58 "&ha57; &ha57;">
+ <!ENTITY ha59 "&ha58; &ha58;">
+ <!ENTITY ha60 "&ha59; &ha59;">
+
+ <!ENTITY ha61 "&ha60; &ha60;">
+ <!ENTITY ha62 "&ha61; &ha61;">
+ <!ENTITY ha63 "&ha62; &ha62;">
+ <!ENTITY ha64 "&ha63; &ha63;">
+ <!ENTITY ha65 "&ha64; &ha64;">
+ <!ENTITY ha66 "&ha65; &ha65;">
+ <!ENTITY ha67 "&ha66; &ha66;">
+ <!ENTITY ha68 "&ha67; &ha67;">
+ <!ENTITY ha69 "&ha68; &ha68;">
+ <!ENTITY ha70 "&ha69; &ha69;">
+
+ <!ENTITY ha71 "&ha70; &ha70;">
+ <!ENTITY ha72 "&ha71; &ha71;">
+ <!ENTITY ha73 "&ha72; &ha72;">
+ <!ENTITY ha74 "&ha73; &ha73;">
+ <!ENTITY ha75 "&ha74; &ha74;">
+ <!ENTITY ha76 "&ha75; &ha75;">
+ <!ENTITY ha77 "&ha76; &ha76;">
+ <!ENTITY ha78 "&ha77; &ha77;">
+ <!ENTITY ha79 "&ha78; &ha78;">
+ <!ENTITY ha80 "&ha79; &ha79;">
+
+ <!ENTITY ha81 "&ha80; &ha80;">
+ <!ENTITY ha82 "&ha81; &ha81;">
+ <!ENTITY ha83 "&ha82; &ha82;">
+ <!ENTITY ha84 "&ha83; &ha83;">
+ <!ENTITY ha85 "&ha84; &ha84;">
+ <!ENTITY ha86 "&ha85; &ha85;">
+ <!ENTITY ha87 "&ha86; &ha86;">
+ <!ENTITY ha88 "&ha87; &ha87;">
+ <!ENTITY ha89 "&ha88; &ha88;">
+ <!ENTITY ha90 "&ha89; &ha89;">
+
+ <!ENTITY ha91 "&ha90; &ha90;">
+ <!ENTITY ha92 "&ha91; &ha91;">
+ <!ENTITY ha93 "&ha92; &ha92;">
+ <!ENTITY ha94 "&ha93; &ha93;">
+ <!ENTITY ha95 "&ha94; &ha94;">
+ <!ENTITY ha96 "&ha95; &ha95;">
+ <!ENTITY ha97 "&ha96; &ha96;">
+ <!ENTITY ha98 "&ha97; &ha97;">
+ <!ENTITY ha99 "&ha98; &ha98;">
+ <!ENTITY ha100 "&ha99; &ha99;">
+
+ <!ENTITY ha101 "&ha100; &ha100;">
+ <!ENTITY ha102 "&ha101; &ha101;">
+ <!ENTITY ha103 "&ha102; &ha102;">
+ <!ENTITY ha104 "&ha103; &ha103;">
+ <!ENTITY ha105 "&ha104; &ha104;">
+ <!ENTITY ha106 "&ha105; &ha105;">
+ <!ENTITY ha107 "&ha106; &ha106;">
+ <!ENTITY ha108 "&ha107; &ha107;">
+ <!ENTITY ha109 "&ha108; &ha108;">
+ <!ENTITY ha110 "&ha109; &ha109;">
+
+ <!ENTITY ha111 "&ha110; &ha110;">
+ <!ENTITY ha112 "&ha111; &ha111;">
+ <!ENTITY ha113 "&ha112; &ha112;">
+ <!ENTITY ha114 "&ha113; &ha113;">
+ <!ENTITY ha115 "&ha114; &ha114;">
+ <!ENTITY ha116 "&ha115; &ha115;">
+ <!ENTITY ha117 "&ha116; &ha116;">
+ <!ENTITY ha118 "&ha117; &ha117;">
+ <!ENTITY ha119 "&ha118; &ha118;">
+ <!ENTITY ha120 "&ha119; &ha119;">
+
+ <!ENTITY ha121 "&ha120; &ha120;">
+ <!ENTITY ha122 "&ha121; &ha121;">
+ <!ENTITY ha123 "&ha122; &ha122;">
+ <!ENTITY ha124 "&ha123; &ha123;">
+ <!ENTITY ha125 "&ha124; &ha124;">
+ <!ENTITY ha126 "&ha125; &ha125;">
+ <!ENTITY ha127 "&ha126; &ha126;">
+ <!ENTITY ha128 "&ha127; &ha127;">
+]>
+<definitions name="EndpointService"
targetNamespace="http://jbws1582.jaxws.ws.test.jboss.org/"
xmlns:tns="http://jbws1582.jaxws.ws.test.jboss.org/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/">
+ <types>
+ </types>
+ <message name="Endpoint_echoString">
+ <part name="arg0" type="xsd:string">
+ </part>
+ </message>
+ <message name="Endpoint_echoStringResponse">
+ <part name="return" type="xsd:string">
+ </part>
+ </message>
+ <portType name="Endpoint">
+ <operation name="echoString" parameterOrder="arg0">
+ <input message="tns:Endpoint_echoString">
+ </input>
+ <output message="tns:Endpoint_echoStringResponse">
+ </output>
+ </operation>
+ </portType>
+ <binding name="EndpointBinding" type="tns:Endpoint">
+ <soap:binding style="rpc"
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="echoString">
+ <soap:operation soapAction="urn:EchoString"/>
+ <input>
+ <soap:body use="literal"
namespace="http://jbws1582.jaxws.ws.test.jboss.org/"/>
+ </input>
+ <output>
+ <soap:body use="literal"
namespace="http://jbws1582.jaxws.ws.test.jboss.org/"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="EndpointService">
+ <port name="EndpointPort" binding="tns:EndpointBinding">
+ <soap:address location="&h12;"/>
+ </port>
+ </service>
+</definitions>
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/service.wsdl
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/service.wsdl
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/WEB-INF/wsdl/service.wsdl 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="EndpointService"
targetNamespace="http://jbws1582.jaxws.ws.test.jboss.org/"
xmlns:tns="http://jbws1582.jaxws.ws.test.jboss.org/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/">
+ <types>
+ </types>
+ <message name="Endpoint_echoString">
+ <part name="arg0" type="xsd:string">
+ </part>
+ </message>
+ <message name="Endpoint_echoStringResponse">
+ <part name="return" type="xsd:string">
+ </part>
+ </message>
+ <portType name="Endpoint">
+ <operation name="echoString" parameterOrder="arg0">
+ <input message="tns:Endpoint_echoString">
+ </input>
+ <output message="tns:Endpoint_echoStringResponse">
+ </output>
+ </operation>
+ </portType>
+ <binding name="EndpointBinding" type="tns:Endpoint">
+ <soap:binding style="rpc"
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="echoString">
+ <soap:operation soapAction="urn:EchoString"/>
+ <input>
+ <soap:body use="literal"
namespace="http://jbws1582.jaxws.ws.test.jboss.org/"/>
+ </input>
+ <output>
+ <soap:body use="literal"
namespace="http://jbws1582.jaxws.ws.test.jboss.org/"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="EndpointService">
+ <port name="EndpointPort" binding="tns:EndpointBinding">
+ <soap:address location="REPLACE_WITH_ACTUAL_URL"/>
+ </port>
+ </service>
+</definitions>
\ No newline at end of file
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/attack-message.xml
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/attack-message.xml
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/attack-message.xml 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,151 @@
+<?xml version="1.0"?>
+<!DOCTYPE root [
+ <!ENTITY ha1 "Hello">
+ <!ENTITY ha2 "&ha1; &ha1;">
+ <!ENTITY ha3 "&ha2; &ha2;">
+ <!ENTITY ha4 "&ha3; &ha3;">
+ <!ENTITY ha5 "&ha4; &ha4;">
+ <!ENTITY ha6 "&ha5; &ha5;">
+ <!ENTITY ha7 "&ha6; &ha6;">
+ <!ENTITY ha8 "&ha7; &ha7;">
+ <!ENTITY ha9 "&ha8; &ha8;">
+ <!ENTITY ha10 "&ha9; &ha9;">
+
+ <!ENTITY ha11 "&ha10; &ha10;">
+ <!ENTITY ha12 "&ha11; &ha11;">
+ <!ENTITY ha13 "&ha12; &ha12;">
+ <!ENTITY ha14 "&ha13; &ha13;">
+ <!ENTITY ha15 "&ha14; &ha14;">
+ <!ENTITY ha16 "&ha15; &ha15;">
+ <!ENTITY ha17 "&ha16; &ha16;">
+ <!ENTITY ha18 "&ha17; &ha17;">
+ <!ENTITY ha19 "&ha18; &ha18;">
+ <!ENTITY ha20 "&ha19; &ha19;">
+
+ <!ENTITY ha21 "&ha20; &ha20;">
+ <!ENTITY ha22 "&ha21; &ha21;">
+ <!ENTITY ha23 "&ha22; &ha22;">
+ <!ENTITY ha24 "&ha23; &ha23;">
+ <!ENTITY ha25 "&ha24; &ha24;">
+ <!ENTITY ha26 "&ha25; &ha25;">
+ <!ENTITY ha27 "&ha26; &ha26;">
+ <!ENTITY ha28 "&ha27; &ha27;">
+ <!ENTITY ha29 "&ha28; &ha28;">
+ <!ENTITY ha30 "&ha29; &ha29;">
+
+ <!ENTITY ha31 "&ha30; &ha30;">
+ <!ENTITY ha32 "&ha31; &ha31;">
+ <!ENTITY ha33 "&ha32; &ha32;">
+ <!ENTITY ha34 "&ha33; &ha33;">
+ <!ENTITY ha35 "&ha34; &ha34;">
+ <!ENTITY ha36 "&ha35; &ha35;">
+ <!ENTITY ha37 "&ha36; &ha36;">
+ <!ENTITY ha38 "&ha37; &ha37;">
+ <!ENTITY ha39 "&ha38; &ha38;">
+ <!ENTITY ha40 "&ha39; &ha39;">
+
+ <!ENTITY ha41 "&ha40; &ha40;">
+ <!ENTITY ha42 "&ha41; &ha41;">
+ <!ENTITY ha43 "&ha42; &ha42;">
+ <!ENTITY ha44 "&ha43; &ha43;">
+ <!ENTITY ha45 "&ha44; &ha44;">
+ <!ENTITY ha46 "&ha45; &ha45;">
+ <!ENTITY ha47 "&ha46; &ha46;">
+ <!ENTITY ha48 "&ha47; &ha47;">
+ <!ENTITY ha49 "&ha48; &ha48;">
+ <!ENTITY ha50 "&ha49; &ha49;">
+
+ <!ENTITY ha51 "&ha50; &ha50;">
+ <!ENTITY ha52 "&ha51; &ha51;">
+ <!ENTITY ha53 "&ha52; &ha52;">
+ <!ENTITY ha54 "&ha53; &ha53;">
+ <!ENTITY ha55 "&ha54; &ha54;">
+ <!ENTITY ha56 "&ha55; &ha55;">
+ <!ENTITY ha57 "&ha56; &ha56;">
+ <!ENTITY ha58 "&ha57; &ha57;">
+ <!ENTITY ha59 "&ha58; &ha58;">
+ <!ENTITY ha60 "&ha59; &ha59;">
+
+ <!ENTITY ha61 "&ha60; &ha60;">
+ <!ENTITY ha62 "&ha61; &ha61;">
+ <!ENTITY ha63 "&ha62; &ha62;">
+ <!ENTITY ha64 "&ha63; &ha63;">
+ <!ENTITY ha65 "&ha64; &ha64;">
+ <!ENTITY ha66 "&ha65; &ha65;">
+ <!ENTITY ha67 "&ha66; &ha66;">
+ <!ENTITY ha68 "&ha67; &ha67;">
+ <!ENTITY ha69 "&ha68; &ha68;">
+ <!ENTITY ha70 "&ha69; &ha69;">
+
+ <!ENTITY ha71 "&ha70; &ha70;">
+ <!ENTITY ha72 "&ha71; &ha71;">
+ <!ENTITY ha73 "&ha72; &ha72;">
+ <!ENTITY ha74 "&ha73; &ha73;">
+ <!ENTITY ha75 "&ha74; &ha74;">
+ <!ENTITY ha76 "&ha75; &ha75;">
+ <!ENTITY ha77 "&ha76; &ha76;">
+ <!ENTITY ha78 "&ha77; &ha77;">
+ <!ENTITY ha79 "&ha78; &ha78;">
+ <!ENTITY ha80 "&ha79; &ha79;">
+
+ <!ENTITY ha81 "&ha80; &ha80;">
+ <!ENTITY ha82 "&ha81; &ha81;">
+ <!ENTITY ha83 "&ha82; &ha82;">
+ <!ENTITY ha84 "&ha83; &ha83;">
+ <!ENTITY ha85 "&ha84; &ha84;">
+ <!ENTITY ha86 "&ha85; &ha85;">
+ <!ENTITY ha87 "&ha86; &ha86;">
+ <!ENTITY ha88 "&ha87; &ha87;">
+ <!ENTITY ha89 "&ha88; &ha88;">
+ <!ENTITY ha90 "&ha89; &ha89;">
+
+ <!ENTITY ha91 "&ha90; &ha90;">
+ <!ENTITY ha92 "&ha91; &ha91;">
+ <!ENTITY ha93 "&ha92; &ha92;">
+ <!ENTITY ha94 "&ha93; &ha93;">
+ <!ENTITY ha95 "&ha94; &ha94;">
+ <!ENTITY ha96 "&ha95; &ha95;">
+ <!ENTITY ha97 "&ha96; &ha96;">
+ <!ENTITY ha98 "&ha97; &ha97;">
+ <!ENTITY ha99 "&ha98; &ha98;">
+ <!ENTITY ha100 "&ha99; &ha99;">
+
+ <!ENTITY ha101 "&ha100; &ha100;">
+ <!ENTITY ha102 "&ha101; &ha101;">
+ <!ENTITY ha103 "&ha102; &ha102;">
+ <!ENTITY ha104 "&ha103; &ha103;">
+ <!ENTITY ha105 "&ha104; &ha104;">
+ <!ENTITY ha106 "&ha105; &ha105;">
+ <!ENTITY ha107 "&ha106; &ha106;">
+ <!ENTITY ha108 "&ha107; &ha107;">
+ <!ENTITY ha109 "&ha108; &ha108;">
+ <!ENTITY ha110 "&ha109; &ha109;">
+
+ <!ENTITY ha111 "&ha110; &ha110;">
+ <!ENTITY ha112 "&ha111; &ha111;">
+ <!ENTITY ha113 "&ha112; &ha112;">
+ <!ENTITY ha114 "&ha113; &ha113;">
+ <!ENTITY ha115 "&ha114; &ha114;">
+ <!ENTITY ha116 "&ha115; &ha115;">
+ <!ENTITY ha117 "&ha116; &ha116;">
+ <!ENTITY ha118 "&ha117; &ha117;">
+ <!ENTITY ha119 "&ha118; &ha118;">
+ <!ENTITY ha120 "&ha119; &ha119;">
+
+ <!ENTITY ha121 "&ha120; &ha120;">
+ <!ENTITY ha122 "&ha121; &ha121;">
+ <!ENTITY ha123 "&ha122; &ha122;">
+ <!ENTITY ha124 "&ha123; &ha123;">
+ <!ENTITY ha125 "&ha124; &ha124;">
+ <!ENTITY ha126 "&ha125; &ha125;">
+ <!ENTITY ha127 "&ha126; &ha126;">
+ <!ENTITY ha128 "&ha127; &ha127;">
+]>
+<env:Envelope
xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
+ <env:Header/>
+ <env:Body>
+ <ns1:echoString
xmlns:ns1='http://jbws1582.jaxws.ws.test.jboss.org/'>
+ <arg0>&h128;</arg0>
+ </ns1:echoString>
+ </env:Body>
+</env:Envelope>
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/message.xml
===================================================================
---
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/message.xml
(rev 0)
+++
stack/native/trunk/modules/testsuite/native-tests/src/test/resources/jaxws/jbws1582/message.xml 2009-04-28
14:24:30 UTC (rev 9904)
@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<env:Envelope
xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
+ <env:Header/>
+ <env:Body>
+ <ns1:echoString
xmlns:ns1='http://jbws1582.jaxws.ws.test.jboss.org/'>
+ <arg0>Hello</arg0>
+ </ns1:echoString>
+ </env:Body>
+</env:Envelope>
+