From cfffe21f579c30d7557ae964414624cf610b7f71 Mon Sep 17 00:00:00 2001 From: Peter Palaga Date: Mon, 25 Dec 2023 19:47:31 +0100 Subject: [PATCH] Test and document authentication and authorization on both client and server side fix #794 --- .../BasicAuthHelloServiceImpl.java | 15 ++++ .../client-server/application.properties | 83 +++++++++++++++++++ docs/modules/ROOT/nav.adoc | 1 + docs/modules/ROOT/pages/reference/index.adoc | 2 +- .../advanced-soap-client-topics.adoc | 12 --- docs/modules/ROOT/pages/user-guide/auth.adoc | 62 ++++++++++++++ .../cxf/auth/AuthFaultOutInterceptor.java | 41 +++++++++ .../quarkiverse/cxf/transport/CxfHandler.java | 2 + integration-tests/client-server/pom.xml | 32 +++++++ .../auth/basic/BasicAuthHelloServiceImpl.java | 2 - .../cxf/it/auth/basic/BasicAuthResource.java | 24 +++++- .../src/main/resources/application.properties | 18 +++- .../cxf/it/auth/basic/wsdl/BasicAuthTest.java | 25 ++++++ 13 files changed, 301 insertions(+), 18 deletions(-) create mode 100644 docs/modules/ROOT/examples/client-server/BasicAuthHelloServiceImpl.java create mode 100644 docs/modules/ROOT/examples/client-server/application.properties create mode 100644 docs/modules/ROOT/pages/user-guide/auth.adoc create mode 100644 extensions/core/runtime/src/main/java/io/quarkiverse/cxf/auth/AuthFaultOutInterceptor.java diff --git a/docs/modules/ROOT/examples/client-server/BasicAuthHelloServiceImpl.java b/docs/modules/ROOT/examples/client-server/BasicAuthHelloServiceImpl.java new file mode 100644 index 000000000..d28c8f8be --- /dev/null +++ b/docs/modules/ROOT/examples/client-server/BasicAuthHelloServiceImpl.java @@ -0,0 +1,15 @@ +package io.quarkiverse.cxf.it.auth.basic; + +import jakarta.annotation.security.RolesAllowed; +import jakarta.jws.WebService; + +import io.quarkiverse.cxf.it.HelloService; + +@WebService(serviceName = "HelloService", targetNamespace = HelloService.NS) +@RolesAllowed("app-user") +public class BasicAuthHelloServiceImpl implements HelloService { + @Override + public String hello(String person) { + return "Hello " + person + "!"; + } +} diff --git a/docs/modules/ROOT/examples/client-server/application.properties b/docs/modules/ROOT/examples/client-server/application.properties new file mode 100644 index 000000000..959f16320 --- /dev/null +++ b/docs/modules/ROOT/examples/client-server/application.properties @@ -0,0 +1,83 @@ +client-server.bob.password = bob234 + +# Basic auth global configuration +# tag::users-and-roles[] +quarkus.http.auth.basic = true +quarkus.security.users.embedded.enabled = true +quarkus.security.users.embedded.plain-text = true +quarkus.security.users.embedded.users.alice = alice123 +quarkus.security.users.embedded.roles.alice = admin +quarkus.security.users.embedded.users.bob = bob234 +quarkus.security.users.embedded.roles.bob = app-user +# end::users-and-roles[] + +quarkus.native.resources.includes = wsdl/* + +# Global Quarkus CXF configuration +quarkus.cxf.path = /soap + +# Addressing tests +quarkus.cxf.endpoint."/addressing-anonymous".implementor = io.quarkiverse.cxf.it.ws.addressing.server.anonymous.AddressingAnonymousImpl +quarkus.cxf.endpoint."/addressing-decoupled".implementor = io.quarkiverse.cxf.it.ws.addressing.server.decoupled.WsAddressingImpl + +# XML Schema validation +quarkus.cxf.codegen.wsdl2java.includes = wsdl/*.wsdl +quarkus.cxf.codegen.wsdl2java.package-names = io.quarkiverse.cxf.it.server.xml.schema.validation.model +quarkus.cxf.codegen.wsdl2java.wsdl-location = classpath:wsdl/calculator.wsdl + +# Service endpoints +quarkus.cxf.endpoint."/annotation-schema-validated-calculator".implementor = io.quarkiverse.cxf.it.server.xml.schema.validation.AnnotationSchemaValidatedCalculatorServiceImpl +# https://github.com/quarkiverse/quarkus-cxf/issues/557 @WebServide(wsdlLocation = "wsdl/calculator.wsdl") does not work +quarkus.cxf.endpoint."/annotation-schema-validated-calculator".wsdl = wsdl/calculator.wsdl +quarkus.cxf.endpoint."/annotation-schema-validated-calculator".logging.enabled = true + +quarkus.cxf.endpoint."/application-properties-schema-validated-calculator".implementor = io.quarkiverse.cxf.it.server.xml.schema.validation.ApplicationPropertiesSchemaValidatedCalculatorServiceImpl +# https://github.com/quarkiverse/quarkus-cxf/issues/557 @WebServide(wsdlLocation = "wsdl/calculator.wsdl") does not work +quarkus.cxf.endpoint."/application-properties-schema-validated-calculator".wsdl = wsdl/calculator.wsdl +quarkus.cxf.endpoint."/application-properties-schema-validated-calculator".logging.enabled = true +quarkus.cxf.endpoint."/application-properties-schema-validated-calculator".schema-validation.enabled-for = both + +# The validated client speaks to this endpoint, hence we want to keep the validation disabled here +quarkus.cxf.endpoint."/unvalidated-calculator".implementor = io.quarkiverse.cxf.it.server.xml.schema.validation.ApplicationPropertiesSchemaValidatedCalculatorServiceImpl +# https://github.com/quarkiverse/quarkus-cxf/issues/557 @WebServide(wsdlLocation = "wsdl/calculator.wsdl") does not work +quarkus.cxf.endpoint."/unvalidated-calculator".wsdl = wsdl/calculator.wsdl +quarkus.cxf.endpoint."/unvalidated-calculator".logging.enabled = true + +# XML Schema validation Client +quarkus.cxf.client.application-properties-schema-validated-calculator.wsdl = http://localhost:${quarkus.http.test-port}/soap/unvalidated-calculator?wsdl +quarkus.cxf.client.application-properties-schema-validated-calculator.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/unvalidated-calculator +quarkus.cxf.client.application-properties-schema-validated-calculator.service-interface = io.quarkiverse.cxf.it.server.xml.schema.validation.ApplicationPropertiesSchemaValidatedCalculatorService +quarkus.cxf.client.application-properties-schema-validated-calculator.schema-validation.enabled-for = both + + +# WSDL not secured by basic auth +quarkus.cxf.endpoint."/basicAuth".implementor = io.quarkiverse.cxf.it.auth.basic.BasicAuthHelloServiceImpl +quarkus.cxf.endpoint."/basicAuth".logging.enabled = true +# Client +# tag::client-basic-auth[] +quarkus.cxf.client.basicAuth.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl +quarkus.cxf.client.basicAuth.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuth +quarkus.cxf.client.basicAuth.username = bob +quarkus.cxf.client.basicAuth.password = bob234 +# end::client-basic-auth[] + +quarkus.cxf.client.basicAuthAnonymous.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl +quarkus.cxf.client.basicAuthAnonymous.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuth + +quarkus.cxf.client.basicAuthBadUser.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl +quarkus.cxf.client.basicAuthBadUser.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuth +quarkus.cxf.client.basicAuthBadUser.username = alice +quarkus.cxf.client.basicAuthBadUser.password = alice123 + +# WSDL secured by basic auth +quarkus.cxf.endpoint."/basicAuthSecureWsdl".implementor = io.quarkiverse.cxf.it.auth.basic.BasicAuthHelloServiceImpl +quarkus.cxf.endpoint."/basicAuthSecureWsdl".in-interceptors = #wsdlBasicAuthInterceptor +quarkus.cxf.endpoint."/basicAuthSecureWsdl".logging.enabled = true +# Client +# tag::client-basic-auth-wsdl[] +quarkus.cxf.client.basicAuthSecureWsdl.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl +quarkus.cxf.client.basicAuthSecureWsdl.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuthSecureWsdl +quarkus.cxf.client.basicAuthSecureWsdl.username = bob +quarkus.cxf.client.basicAuthSecureWsdl.password = ${client-server.bob.password} +quarkus.cxf.client.basicAuthSecureWsdl.secure-wsdl-access = true +# end::client-basic-auth-wsdl[] diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc index 55d49410e..088faba15 100644 --- a/docs/modules/ROOT/nav.adoc +++ b/docs/modules/ROOT/nav.adoc @@ -7,6 +7,7 @@ ** xref:user-guide/payload-logging.adoc[Logging] ** xref:user-guide/soap-payloads-with-jaxb.adoc[Complex SOAP payloads with JAXB] ** xref:user-guide/ssl.adoc[SSL] +** xref:user-guide/auth.adoc[Authentication and authorization] ** xref:user-guide/advanced-soap-client-topics.adoc[Advanced SOAP client topics] ** xref:user-guide/advanced-soap-server-topics.adoc[Advanced SOAP server topics] ** xref:user-guide/generate-java-from-wsdl.adoc[Generate Java from WSDL] diff --git a/docs/modules/ROOT/pages/reference/index.adoc b/docs/modules/ROOT/pages/reference/index.adoc index ea0324f93..fda5f1e3b 100644 --- a/docs/modules/ROOT/pages/reference/index.adoc +++ b/docs/modules/ROOT/pages/reference/index.adoc @@ -93,7 +93,7 @@ Out of https://cxf.apache.org/docs/transports.html[CXF Transports] only the foll * `quarkus-cxf` implements its own custom transport based on Quarkus and Vert.x for serving SOAP endpoints * HTTP client via `xref:reference/extensions/quarkus-cxf.adoc[quarkus-cxf]`, including -** xref:user-guide/advanced-soap-client-topics.adoc#basic-auth[Basic Authentication] +** xref:user-guide/auth.adoc##_client_http_basic_authentication[Basic Authentication] * https://cxf.apache.org/docs/asynchronous-client-http-transport.html[Asynchronous Client HTTP Transport] via `xref:reference/extensions/quarkus-cxf-rt-transports-http-hc5.adoc[quarkus-cxf-rt-transports-http-hc5]` diff --git a/docs/modules/ROOT/pages/user-guide/advanced-soap-client-topics.adoc b/docs/modules/ROOT/pages/user-guide/advanced-soap-client-topics.adoc index 76f13a81d..2d432babe 100644 --- a/docs/modules/ROOT/pages/user-guide/advanced-soap-client-topics.adoc +++ b/docs/modules/ROOT/pages/user-guide/advanced-soap-client-topics.adoc @@ -32,18 +32,6 @@ quarkus.cxf.client.anotherCalculator.client-endpoint-url = https://acme.com/ws/W quarkus.cxf.client.anotherCalculator.service-interface = org.jboss.eap.quickstarts.wscalculator.calculator.CalculatorService ---- -[[basic-auth]] -== Basic Authentication - -Basic authentication for clients is supported by default. -Just add the following properties to your `application.properties`: - -[source,properties] ----- -quarkus.cxf.client.myCalculator.username = user -quarkus.cxf.client.myCalculator.password = password ----- - [[timeouts]] == Timeouts diff --git a/docs/modules/ROOT/pages/user-guide/auth.adoc b/docs/modules/ROOT/pages/user-guide/auth.adoc new file mode 100644 index 000000000..1180e61e5 --- /dev/null +++ b/docs/modules/ROOT/pages/user-guide/auth.adoc @@ -0,0 +1,62 @@ += Authentication and authorization + +TIP: The sample code snippets shown in this section come from the + https://github.com/quarkiverse/quarkus-cxf/tree/main/integration-tests/client-server[Client and server integration test] + in the source tree of {quarkus-cxf-project-name}. You may want to use it as a runnable example. + +== Client HTTP basic authentication + +Use the following client configuration options provided by +`xref:reference/extensions/quarkus-cxf.adoc[quarkus-cxf]` extension +to pass the username and password for HTTP basic authentication: + +* `xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus.cxf.client.-clients-.username[quarkus.cxf.client."clients".username]` +* `xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus.cxf.client.-clients-.password[quarkus.cxf.client."clients".password]` + +Here is an example: + +.application.properties +[source,properties] +---- +include::example$client-server/application.properties[tag=client-basic-auth] +---- + +=== Accessing WSDL protected by basic authentication + +By default, the clients created by {quarkus-cxf-project-name} do not send the `Authorization` header, +unless you set the `xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus.cxf.client.-clients-.secure-wsdl-access[quarkus.cxf.client."clients".secure-wsdl-access]` to `true`: + +.application.properties +[source,properties] +---- +include::example$client-server/application.properties[tag=client-basic-auth-wsdl] +---- + +== Securing service endpoints + +The server-side authentication and authorization is driven by https://quarkus.io/guides/security-overview[Quarkus Security], +especially when it comes to + +* https://quarkus.io/guides/security-authentication-mechanisms[Authentication mechanisms] +* https://quarkus.io/guides/security-identity-providers[Identity providers] +* https://quarkus.io/guides/security-authorize-web-endpoints-reference[Role-based access control (RBAC)] + +There is a basic example in our https://github.com/quarkiverse/quarkus-cxf/tree/main/integration-tests/client-server[Client and server integration test]. +Its key parts are: + +* `io.quarkus:quarkus-elytron-security-properties-file` dependency as an Identity provider +* Basic authentication enabled and users with their roles configured in `application.properties`: ++ +.application.properties +[source,properties] +---- +include::example$client-server/application.properties[tag=users-and-roles] +---- ++ +* Role-based access control enfoced via `@RolesAllowed` annotation: + +.BasicAuthHelloServiceImpl.java +[source,properties] +---- +include::example$client-server/BasicAuthHelloServiceImpl.java[] +---- diff --git a/extensions/core/runtime/src/main/java/io/quarkiverse/cxf/auth/AuthFaultOutInterceptor.java b/extensions/core/runtime/src/main/java/io/quarkiverse/cxf/auth/AuthFaultOutInterceptor.java new file mode 100644 index 000000000..69ecf3687 --- /dev/null +++ b/extensions/core/runtime/src/main/java/io/quarkiverse/cxf/auth/AuthFaultOutInterceptor.java @@ -0,0 +1,41 @@ +package io.quarkiverse.cxf.auth; + +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.phase.Phase; + +import io.quarkus.security.ForbiddenException; +import io.quarkus.security.UnauthorizedException; + +/** + * Set the right HTTP status code for the response based on the kind of {@link SecurityException} being thrown. + */ +public class AuthFaultOutInterceptor extends AbstractSoapInterceptor { + + public AuthFaultOutInterceptor() { + super(Phase.POST_LOGICAL); + } + + @Override + public void handleMessage(SoapMessage message) throws Fault { + final Exception e = message.getContent(Exception.class); + if (e instanceof Fault) { + final Throwable securityException = rootCause(e); + if (securityException instanceof UnauthorizedException) { + ((Fault) e).setStatusCode(401); + } else if (securityException instanceof ForbiddenException) { + ((Fault) e).setStatusCode(403); + } + } + } + + private static Throwable rootCause(Exception e) { + Throwable result = e; + while (result.getCause() != null) { + result = result.getCause(); + } + return result; + } + +} diff --git a/extensions/core/runtime/src/main/java/io/quarkiverse/cxf/transport/CxfHandler.java b/extensions/core/runtime/src/main/java/io/quarkiverse/cxf/transport/CxfHandler.java index 522ef38c9..3dabd521b 100644 --- a/extensions/core/runtime/src/main/java/io/quarkiverse/cxf/transport/CxfHandler.java +++ b/extensions/core/runtime/src/main/java/io/quarkiverse/cxf/transport/CxfHandler.java @@ -32,6 +32,7 @@ import io.quarkiverse.cxf.CxfConfig; import io.quarkiverse.cxf.CxfFixedConfig; import io.quarkiverse.cxf.QuarkusRuntimeJaxWsServiceFactoryBean; +import io.quarkiverse.cxf.auth.AuthFaultOutInterceptor; import io.quarkiverse.cxf.logging.LoggingFactoryCustomizer; import io.quarkus.arc.ManagedContext; import io.quarkus.arc.runtime.BeanContainer; @@ -135,6 +136,7 @@ public CxfHandler(CXFServletInfos cxfServletInfos, BeanContainer beanContainer, jaxWsServerFactoryBean.getOutInterceptors()); CXFRuntimeUtils.addBeans(servletInfo.getOutFaultInterceptors(), "outFaultInterceptor", endpointString, endpointType, jaxWsServerFactoryBean.getOutFaultInterceptors()); + jaxWsServerFactoryBean.getOutFaultInterceptors().add(new AuthFaultOutInterceptor()); CXFRuntimeUtils.addBeans(servletInfo.getInFaultInterceptors(), "inFaultInterceptor", endpointString, endpointType, jaxWsServerFactoryBean.getInFaultInterceptors()); diff --git a/integration-tests/client-server/pom.xml b/integration-tests/client-server/pom.xml index ac624481e..1e98c7dc2 100644 --- a/integration-tests/client-server/pom.xml +++ b/integration-tests/client-server/pom.xml @@ -58,6 +58,38 @@ + + org.apache.maven.plugins + maven-resources-plugin + + + + copy-resources-for-antora + compile + + copy-resources + + + + ${maven.multiModuleProjectDirectory}/docs/modules/ROOT/examples/client-server + + + src/main/resources + + application.properties + + + + src/main/java/io/quarkiverse/cxf/it/auth/basic + + BasicAuthHelloServiceImpl.java + + + + + + + diff --git a/integration-tests/client-server/src/main/java/io/quarkiverse/cxf/it/auth/basic/BasicAuthHelloServiceImpl.java b/integration-tests/client-server/src/main/java/io/quarkiverse/cxf/it/auth/basic/BasicAuthHelloServiceImpl.java index c5ac92777..d28c8f8be 100644 --- a/integration-tests/client-server/src/main/java/io/quarkiverse/cxf/it/auth/basic/BasicAuthHelloServiceImpl.java +++ b/integration-tests/client-server/src/main/java/io/quarkiverse/cxf/it/auth/basic/BasicAuthHelloServiceImpl.java @@ -8,10 +8,8 @@ @WebService(serviceName = "HelloService", targetNamespace = HelloService.NS) @RolesAllowed("app-user") public class BasicAuthHelloServiceImpl implements HelloService { - @Override public String hello(String person) { return "Hello " + person + "!"; } - } diff --git a/integration-tests/client-server/src/main/java/io/quarkiverse/cxf/it/auth/basic/BasicAuthResource.java b/integration-tests/client-server/src/main/java/io/quarkiverse/cxf/it/auth/basic/BasicAuthResource.java index 706db9194..cda02cc5d 100644 --- a/integration-tests/client-server/src/main/java/io/quarkiverse/cxf/it/auth/basic/BasicAuthResource.java +++ b/integration-tests/client-server/src/main/java/io/quarkiverse/cxf/it/auth/basic/BasicAuthResource.java @@ -16,6 +16,12 @@ public class BasicAuthResource { @CXFClient("basicAuth") HelloService basicAuth; + @CXFClient("basicAuthAnonymous") + HelloService basicAuthAnonymous; + + @CXFClient("basicAuthBadUser") + HelloService basicAuthBadUser; + @CXFClient("basicAuthSecureWsdl") HelloService basicAuthSecureWsdl; @@ -27,6 +33,12 @@ public Response hello(String body, @PathParam("client") String client) { case "basicAuth": { yield basicAuth; } + case "basicAuthBadUser": { + yield basicAuthBadUser; + } + case "basicAuthAnonymous": { + yield basicAuthAnonymous; + } case "basicAuthSecureWsdl": { yield basicAuthSecureWsdl; } @@ -37,8 +49,18 @@ public Response hello(String body, @PathParam("client") String client) { try { return Response.ok(helloService.hello(body)).build(); } catch (Exception e) { - return Response.serverError().entity(e.getMessage()).build(); + Throwable rootCause = rootCause(e); + return Response.serverError().entity(rootCause.getMessage()).build(); + } + } + + private static Throwable rootCause(Exception e) { + e.printStackTrace(); + Throwable result = e; + while (result.getCause() != null) { + result = result.getCause(); } + return result; } } diff --git a/integration-tests/client-server/src/main/resources/application.properties b/integration-tests/client-server/src/main/resources/application.properties index 50f7ec8e5..959f16320 100644 --- a/integration-tests/client-server/src/main/resources/application.properties +++ b/integration-tests/client-server/src/main/resources/application.properties @@ -1,13 +1,15 @@ client-server.bob.password = bob234 # Basic auth global configuration +# tag::users-and-roles[] quarkus.http.auth.basic = true quarkus.security.users.embedded.enabled = true quarkus.security.users.embedded.plain-text = true quarkus.security.users.embedded.users.alice = alice123 quarkus.security.users.embedded.roles.alice = admin -quarkus.security.users.embedded.users.bob = ${client-server.bob.password} +quarkus.security.users.embedded.users.bob = bob234 quarkus.security.users.embedded.roles.bob = app-user +# end::users-and-roles[] quarkus.native.resources.includes = wsdl/* @@ -52,18 +54,30 @@ quarkus.cxf.client.application-properties-schema-validated-calculator.schema-val quarkus.cxf.endpoint."/basicAuth".implementor = io.quarkiverse.cxf.it.auth.basic.BasicAuthHelloServiceImpl quarkus.cxf.endpoint."/basicAuth".logging.enabled = true # Client +# tag::client-basic-auth[] quarkus.cxf.client.basicAuth.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl quarkus.cxf.client.basicAuth.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuth quarkus.cxf.client.basicAuth.username = bob -quarkus.cxf.client.basicAuth.password = ${client-server.bob.password} +quarkus.cxf.client.basicAuth.password = bob234 +# end::client-basic-auth[] + +quarkus.cxf.client.basicAuthAnonymous.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl +quarkus.cxf.client.basicAuthAnonymous.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuth + +quarkus.cxf.client.basicAuthBadUser.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl +quarkus.cxf.client.basicAuthBadUser.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuth +quarkus.cxf.client.basicAuthBadUser.username = alice +quarkus.cxf.client.basicAuthBadUser.password = alice123 # WSDL secured by basic auth quarkus.cxf.endpoint."/basicAuthSecureWsdl".implementor = io.quarkiverse.cxf.it.auth.basic.BasicAuthHelloServiceImpl quarkus.cxf.endpoint."/basicAuthSecureWsdl".in-interceptors = #wsdlBasicAuthInterceptor quarkus.cxf.endpoint."/basicAuthSecureWsdl".logging.enabled = true # Client +# tag::client-basic-auth-wsdl[] quarkus.cxf.client.basicAuthSecureWsdl.wsdl = http://localhost:${quarkus.http.test-port}/soap/basicAuth?wsdl quarkus.cxf.client.basicAuthSecureWsdl.client-endpoint-url = http://localhost:${quarkus.http.test-port}/soap/basicAuthSecureWsdl quarkus.cxf.client.basicAuthSecureWsdl.username = bob quarkus.cxf.client.basicAuthSecureWsdl.password = ${client-server.bob.password} quarkus.cxf.client.basicAuthSecureWsdl.secure-wsdl-access = true +# end::client-basic-auth-wsdl[] diff --git a/integration-tests/client-server/src/test/java/io/quarkiverse/cxf/it/auth/basic/wsdl/BasicAuthTest.java b/integration-tests/client-server/src/test/java/io/quarkiverse/cxf/it/auth/basic/wsdl/BasicAuthTest.java index 8ac942318..c35bdfee1 100644 --- a/integration-tests/client-server/src/test/java/io/quarkiverse/cxf/it/auth/basic/wsdl/BasicAuthTest.java +++ b/integration-tests/client-server/src/test/java/io/quarkiverse/cxf/it/auth/basic/wsdl/BasicAuthTest.java @@ -65,4 +65,29 @@ public void basicAuthGoodUser() { } + @Test + public void basicAuthBadUser() { + /* WSDL not secured by basic auth */ + RestAssured + .given() + .body("Mary") + .post("/client-server/basic-auth/basicAuthBadUser/hello") + .then() + .statusCode(500) + .body(Matchers.containsString("HTTP response '403: Forbidden'")); + + } + + @Test + public void basicAuthAnonymous() { + RestAssured + .given() + .body("Mary") + .post("/client-server/basic-auth/basicAuthAnonymous/hello") + .then() + .statusCode(500) + .body(Matchers.containsString("HTTP response '401: Unauthorized'")); + + } + }