How to test ws-security?
I am about to develop web application with web services. I've already tuned jax-ws and ws-security. I used soapUI and sent next request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="..." >
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-2">
<wsu:Created>2011-11-11T00:05:05.044Z</wsu:Created>
<wsu:Expires>2012-11-11T00:10:05.044Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<wsse:Username>user</wsse:Username>
<wsse:Password>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<soap:foo>
<arg0>1</arg0>
</soap:foo>
</soapenv:Body>
</soapenv:Envelope>
I need get Username and Password from header. On the application I can get it by next code:
@Resource
WebServiceContext context;
...
private static final String PRINCIPAL_RESULT = "wss4j.principal.result";
...
WSUsernameTokenPrincipal wsutp = (WSUsernameTokenPrincipal) context.getMessageContext().get(PRINCIPAL_RESULT);
..
String user = wsutp.getName()
String password = wsutp.getPassword();
But I have no idea how should I test it with jUnit tests, because context.getMessageContext() will be NULL on test class.
Does anyone knows a good guide or provide a code-sampl开发者_如何学Ce?
You need to mock the resources, that are not available in your junit tests. Please have a look at a framework like Mokito (http://mockito.org/). There you can do s.th. like:
//You can mock concrete classes, not only interfaces
LinkedList mockedList = mock(LinkedList.class);
//stubbing
when(mockedList.get(0)).thenReturn("first");
when(mockedList.get(1)).thenThrow(new RuntimeException());
Or for your case:
WSUsernameTokenPrincipal mockedWsutp = mock(WSUsernameTokenPrincipal.class);
when(mockedWsutp.getName()).thenReturn("TheNameRequiredForYourTestCase");
...
With these frameworks, you can simulate the unavailable resources. And they integrate easily with junit. I hope this provides some useful ideas.
Try this: JAX-WS Webservice secured With XWS-Security (plain text password) [http://mananvpanchal.blogspot.com/2010/06/jax-ws-webservice-with-plaintext.html][1]
加载中,请稍侯......
精彩评论