1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.policy.stax.test;
20
21 import java.util.ArrayList;
22 import java.util.List;
23
24 import javax.xml.namespace.QName;
25
26 import org.apache.wss4j.common.WSSPolicyException;
27 import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
28 import org.apache.wss4j.stax.ext.WSSConstants;
29 import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
30 import org.apache.wss4j.stax.securityEvent.RequiredElementSecurityEvent;
31 import org.junit.jupiter.api.Test;
32
33 import static org.junit.jupiter.api.Assertions.assertEquals;
34 import static org.junit.jupiter.api.Assertions.fail;
35
36 public class RequiredElementsTest extends AbstractPolicyTestBase {
37
38 @Test
39 public void testPolicy() throws Exception {
40 String policyString =
41 "<sp:RequiredElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
42 "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
43 "</sp:RequiredElements>";
44 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
45
46 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
47 operationSecurityEvent.setOperation(new QName("definitions"));
48 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
49
50 RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
51 requiredElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
52 policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
53 List<QName> headerPath = new ArrayList<>();
54 headerPath.add(new QName("http://example.org", "a"));
55 requiredElementSecurityEvent.setElementPath(headerPath);
56 policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
57
58 headerPath = new ArrayList<>();
59 headerPath.add(new QName("http://example.org", "b"));
60 requiredElementSecurityEvent.setElementPath(headerPath);
61 policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
62 policyEnforcer.doFinal();
63 }
64
65 @Test
66 public void testPolicyMultipleAssertionEventsNegative() throws Exception {
67 String policyString =
68 "<sp:RequiredElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
69 "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
70 "</sp:RequiredElements>";
71 PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
72
73 OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
74 operationSecurityEvent.setOperation(new QName("definitions"));
75 policyEnforcer.registerSecurityEvent(operationSecurityEvent);
76
77 RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
78 requiredElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
79 policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
80 try {
81 policyEnforcer.doFinal();
82 fail("Exception expected");
83 } catch (WSSPolicyException e) {
84 assertEquals(e.getMessage(), "Element /{http://example.org}a must be present");
85 }
86 }
87 }