如何测试ws-安全性？

Question

我准备用web服务开发web应用程序。我已经调好了jax-ws和ws-安全。我使用了soapUI并发送了下一个请求：

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="..." >
 <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-2">
      <wsu:Created>2011-11-11T00:05:05.044Z</wsu:Created>
      <wsu:Expires>2012-11-11T00:10:05.044Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
      <wsse:Username>user</wsse:Username>
      <wsse:Password>password</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>
   <soapenv:Body>
      <soap:foo>
         <arg0>1</arg0>
      </soap:foo>
   </soapenv:Body>
</soapenv:Envelope>

我需要从头获取用户名和密码。在应用程序中，我可以在下一段代码中获得它：

@Resource
WebServiceContext context;
...
private static final String PRINCIPAL_RESULT = "wss4j.principal.result";
...
WSUsernameTokenPrincipal wsutp = (WSUsernameTokenPrincipal) context.getMessageContext().get(PRINCIPAL_RESULT);       
..
String user = wsutp.getName()
String password = wsutp.getPassword();

但是我不知道如何用jUnit测试来测试它，因为context.getMessageContext()在测试类上将是空。

是否有人知道一个好的指南或提供一个代码样本？

Answer 1

您需要模拟在junit测试中不可用的资源。请看一下像Mokito (http://mockito.org/)这样的框架。在那里你可以做s.th。像这样：

  //You can mock concrete classes, not only interfaces
  LinkedList mockedList = mock(LinkedList.class);

 //stubbing
 when(mockedList.get(0)).thenReturn("first");
 when(mockedList.get(1)).thenThrow(new RuntimeException());

或者你的案子：

WSUsernameTokenPrincipal mockedWsutp = mock(WSUsernameTokenPrincipal.class);
when(mockedWsutp.getName()).thenReturn("TheNameRequiredForYourTestCase");
...

使用这些框架，您可以模拟不可用的资源。它们很容易与junit集成。我希望这能提供一些有用的想法。

Answer 2

尝试如下:使用XWS-安全性(纯文本密码) [http://mananvpanchal.blogspot.com/2010/06/jax-ws-webservice-with-plaintext.html][1]保护JAX