jbossws · jimma · Oct 11, 2024 · Aug 22, 2024 · Oct 10, 2024 · asoldano
@@ -219,4 +219,7 @@ public interface Messages {
 
     @Message(id = 24113, value = "Invalid endpoint URI: %s")
     IllegalArgumentException invalidEndpointURI(String endpoint);
+
+    @Message(id = 24118, value = "BindingOperation is missing for authorization")
+    IllegalArgumentException missingBindingOperationForAuthorization();
 }
@@ -144,6 +144,10 @@ protected void checkAuthorization(MessageContext ctx)
             SecurityContext secCtx = message.get(SecurityContext.class);
             BindingOperationInfo bop = exchange.getBindingOperationInfo();
             MethodDispatcher md = (MethodDispatcher) exchange.getService().get(MethodDispatcher.class.getName());
+            if (bop == null)
+            {
+               throw MESSAGES.missingBindingOperationForAuthorization();
+            }
             Method method = md.getMethod(bop);
 
             EJBMethodSecurityAttribute attributes = attributeProvider.getSecurityAttributes(method);

@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.test.ws.jaxws.cxf.jbws4429;
+
+import jakarta.jws.WebMethod;
+import jakarta.jws.WebParam;
+import jakarta.jws.WebResult;
+import jakarta.jws.WebService;
+import jakarta.xml.bind.annotation.XmlSeeAlso;
+import jakarta.xml.ws.RequestWrapper;
+import jakarta.xml.ws.ResponseWrapper;
+
+@WebService(name = "HelloServiceService", targetNamespace = "http://com.redhat.gss.example.soap/")
+@XmlSeeAlso({
+        ObjectFactory.class
+})
+public interface HelloService {
+
+    @WebMethod
+    @WebResult(targetNamespace = "")
+    @RequestWrapper(localName = "sayHello", targetNamespace = "http://com.redhat.gss.example.soap/",
+            className = "org.jboss.test.ws.jaxws.cxf.jbws4429.SayHello")
+    @ResponseWrapper(localName = "sayHelloResponse", targetNamespace = "http://com.redhat.gss.example.soap/",
+            className = "org.jboss.test.ws.jaxws.cxf.jbws4429.SayHelloResponse")
+    String sayHello(
+            @WebParam(name = "arg0", targetNamespace = "")
+            String arg0);
+
+}
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.test.ws.jaxws.cxf.jbws4429;
+
+import jakarta.ejb.Stateless;
+import jakarta.jws.HandlerChain;
+import jakarta.jws.WebMethod;
+import jakarta.jws.WebService;
+
+@Stateless
+//@WebService(targetNamespace ="http://com.redhat.gss.example.soap/") // correct targetNamespace
+@WebService(targetNamespace ="http://com.redhat.gss.invalid/")        // invalid targetNamespace that is not matched with wsdl distributed to clients
+@HandlerChain(file = "/handlers.xml")
+public class HelloServiceImpl {
+    @WebMethod
+    public String sayHello(String name) {
+        return "Hello, " + name;
+    }
+}
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.test.ws.jaxws.cxf.jbws4429;
+
+import java.net.URL;
+import javax.xml.namespace.QName;
+import jakarta.xml.ws.Service;
+import jakarta.xml.ws.WebEndpoint;
+import jakarta.xml.ws.WebServiceClient;
+import jakarta.xml.ws.WebServiceFeature;
+
+@WebServiceClient(name = "HelloServiceService", targetNamespace = "http://com.redhat.gss.example.soap/", wsdlLocation = "HelloServiceService.wsdl")
+public class HelloServiceService
+        extends Service
+{
+
+    private final static QName HELLOSERVICESERVICE_QNAME = new QName("http://com.redhat.gss.example.soap/", "HelloServiceService");
+
+    public HelloServiceService(URL wsdlLocation) {
+        super(wsdlLocation, HELLOSERVICESERVICE_QNAME);
+    }
+
+    /**
+     *
+     * @return
+     *     returns HelloService
+     */
+    @WebEndpoint(name = "HelloServicePort")
+    public HelloService getHelloServicePort() {
+        return super.getPort(new QName("http://com.redhat.gss.example.soap/", "HelloServicePort"), HelloService.class);
+    }
+
+    /**
+     *
+     * @param features
+     *     A list of {@link jakarta.xml.ws.WebServiceFeature} to configure on the proxy.  Supported features not in the <code>features</code> parameter will have their default values.
+     * @return
+     *     returns HelloService
+     */
+    @WebEndpoint(name = "HelloServicePort")
+    public HelloService getHelloServicePort(WebServiceFeature... features) {
+        return super.getPort(new QName("http://com.redhat.gss.example.soap/", "HelloServicePort"), HelloService.class, features);
+    }
+
+}
+
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.test.ws.jaxws.cxf.jbws4429;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.container.test.api.RunAsClient;
+import org.jboss.arquillian.junit5.ArquillianExtension;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.FileAsset;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestHelper;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import java.io.File;
+import java.net.URL;
+
+@ExtendWith(ArquillianExtension.class)
+public class JBWS4429TestCase extends JBossWSTest {
+    private static final String DEP = "jaxws-cxf-jbws4429";
+
+    @ArquillianResource
+    private URL baseURL;
+
+    @Deployment(name = DEP, testable = false)
+    public static WebArchive createDeployment() {
+        WebArchive archive = ShrinkWrap.create(WebArchive.class, DEP + ".war");
+        archive.setManifest(new StringAsset("Manifest-Version: 1.0\n"
+                        + "Dependencies: org.apache.cxf org.jboss.logging \n"))
+                .addClasses(HelloServiceImpl.class, LoggingHandler.class)
+                .add(new FileAsset(new File(JBossWSTestHelper.getTestResourcesDir() + "/jaxws/cxf/jbws4429/handlers.xml")), "WEB-INF/classes/handlers.xml")
+        ;
+        return archive;
+    }
+
+    @Test
+    @RunAsClient
+    public void testWS() throws Exception {
+        URL wsdlURL = JBWS4429TestCase.getResourceURL("/jaxws/cxf/jbws4429/WEB-INF/wsdl/HelloService.wsdl");
+        HelloServiceService clientService = new HelloServiceService(wsdlURL);
+        HelloService service = clientService.getHelloServicePort();
+        try {
+            service.sayHello("Jim");
+            Assertions.fail("sayHello() call should fail");
+        } catch (Exception e) {
+            Assertions.assertEquals("JBWS024118: BindingOperation is missing for authorization", e.getMessage());
+        }
+
+    }
+
+
+}
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.test.ws.jaxws.cxf.jbws4429;
+
+import javax.xml.namespace.QName;
+import jakarta.xml.ws.handler.MessageContext;
+import jakarta.xml.ws.handler.soap.SOAPHandler;
+import jakarta.xml.ws.handler.soap.SOAPMessageContext;
+import java.util.Collections;
+import java.util.Set;
+
+public class LoggingHandler implements SOAPHandler<SOAPMessageContext> {
+
+    @Override
+    public boolean handleMessage(SOAPMessageContext soapMessageContext) {
+        boolean isOutBound = (boolean) soapMessageContext.get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY);
+        if (isOutBound) {
+            System.out.println("### outbound message from JBoss EAP ###");
+        } else {
+            System.out.println("### inbound message from a client ###");
+        }
+        return true;
+    }
+
+    @Override
+    public Set<QName> getHeaders() {
+        return Collections.emptySet();
+    }
+
+    @Override
+    public boolean handleFault(SOAPMessageContext soapMessageContext) {
+        return true;
+    }
+
+    @Override
+    public void close(MessageContext messageContext) {
+        // no-operation
+    }
+}
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.test.ws.jaxws.cxf.jbws4429;
+import jakarta.xml.bind.JAXBElement;
+import jakarta.xml.bind.annotation.XmlElementDecl;
+import jakarta.xml.bind.annotation.XmlRegistry;
+import javax.xml.namespace.QName;
+
+
+/**
+ * This object contains factory methods for each
+ * Java content interface and Java element interface
+ * generated in the com.redhat.gss.example.soap package.
+ * <p>An ObjectFactory allows you to programatically
+ * construct new instances of the Java representation
+ * for XML content. The Java representation of XML
+ * content can consist of schema derived interfaces
+ * and classes representing the binding of schema
+ * type definitions, element declarations and model
+ * groups.  Factory methods for each of these are
+ * provided in this class.
+ *
+ */
+@XmlRegistry
+public class ObjectFactory {
+
+    private final static QName _SayHelloResponse_QNAME = new QName("http://com.redhat.gss.example.soap/", "sayHelloResponse");
+    private final static QName _SayHello_QNAME = new QName("http://com.redhat.gss.example.soap/", "sayHello");
+
+    /**
+     * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: com.redhat.gss.example.soap
+     *
+     */
+    public ObjectFactory() {
+    }
+
+    /**
+     * Create an instance of {@link SayHello }
+     *
+     */
+    public SayHello createSayHello() {
+        return new SayHello();
+    }
+
+    /**
+     * Create an instance of {@link SayHelloResponse }
+     *
+     */
+    public SayHelloResponse createSayHelloResponse() {
+        return new SayHelloResponse();
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link SayHelloResponse }{@code >}}
+     *
+     */
+    @XmlElementDecl(namespace = "http://com.redhat.gss.example.soap/", name = "sayHelloResponse")
+    public JAXBElement<SayHelloResponse> createSayHelloResponse(SayHelloResponse value) {
+        return new JAXBElement<SayHelloResponse>(_SayHelloResponse_QNAME, SayHelloResponse.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link SayHello }{@code >}}
+     *
+     */
+    @XmlElementDecl(namespace = "http://com.redhat.gss.example.soap/", name = "sayHello")
+    public JAXBElement<SayHello> createSayHello(SayHello value) {
+        return new JAXBElement<SayHello>(_SayHello_QNAME, SayHello.class, null, value);
+    }
+
+}