How to test ws-security?_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-02-22 04:15 出处：网络

I am about to develop web application with web services. I\'ve already tuned jax-ws and ws-security. I used soapUI and sent next request:

I am about to develop web application with web services. I've already tuned jax-ws and ws-security. I used soapUI and sent next request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="..." >
 <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-2">
      <wsu:Created>2011-11-11T00:05:05.044Z</wsu:Created>
      <wsu:Expires>2012-11-11T00:10:05.044Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
      <wsse:Username>user</wsse:Username>
      <wsse:Password>password</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>
   <soapenv:Body>
      <soap:foo>
         <arg0>1</arg0>
      </soap:foo>
   </soapenv:Body>
</soapenv:Envelope>

I need get Username and Password from header. On the application I can get it by next code:

@Resource
WebServiceContext context;
...
private static final String PRINCIPAL_RESULT = "wss4j.principal.result";
...
WSUsernameTokenPrincipal wsutp = (WSUsernameTokenPrincipal) context.getMessageContext().get(PRINCIPAL_RESULT);       
..
String user = wsutp.getName()
String password = wsutp.getPassword();

But I have no idea how should I test it with jUnit tests, because context.getMessageContext() will be NULL on test class.

Does anyone knows a good guide or provide a code-sampl开发者_如何学Ce?

You need to mock the resources, that are not available in your junit tests. Please have a look at a framework like Mokito (http://mockito.org/). There you can do s.th. like:

  //You can mock concrete classes, not only interfaces
  LinkedList mockedList = mock(LinkedList.class);

 //stubbing
 when(mockedList.get(0)).thenReturn("first");
 when(mockedList.get(1)).thenThrow(new RuntimeException());

Or for your case:

WSUsernameTokenPrincipal mockedWsutp = mock(WSUsernameTokenPrincipal.class);
when(mockedWsutp.getName()).thenReturn("TheNameRequiredForYourTestCase");
...

With these frameworks, you can simulate the unavailable resources. And they integrate easily with junit. I hope this provides some useful ideas.

Try this: JAX-WS Webservice secured With XWS-Security (plain text password) [http://mananvpanchal.blogspot.com/2010/06/jax-ws-webservice-with-plaintext.html][1]