* @throws Exception if an error occurs while running the test.
*/
@Test
public void testInvalidValidateRequests() throws Exception {
// first create a request that doesn't have a validate target element.
RequestSecurityToken request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST,
SAMLUtil.SAML2_TOKEN_TYPE, null);
Source requestMessage = this.createSourceFromRequest(request);
// invoke the token service.
try {
this.tokenService.invoke(requestMessage);
fail("An exception should have been raised by the security token service");
} catch (WebServiceException we) {
Throwable t = we.getCause();
assertNotNull("Unexpected null cause", t);
assertTrue("Unexpected cause type", t instanceof WSTrustException);
String msg = t.getMessage();
if (msg.contains("request does not have a validate target. Unable to validate token") == false)
throw new RuntimeException("Unexpected exception message");
}
// a request with an empty validate target should also result in a failure.
request.setValidateTarget(new ValidateTargetType());
requestMessage = this.createSourceFromRequest(request);
try {
this.tokenService.invoke(requestMessage);
fail("An exception should have been raised by the security token service");
} catch (WebServiceException we) {
Throwable t = we.getCause();
assertNotNull("Unexpected null cause", t);
assertTrue("Unexpected cause type", t instanceof ParsingException);
String msg = t.getMessage();
if (msg.contains("Unable to parse token request: security token is null") == false)
throw new RuntimeException("Unexpected exception message");
}
// a request to validate an unknown token (i.e. there's no provider can handle the token) should also fail.
request.getValidateTarget().add(this.createUnknownToken());
requestMessage = this.createSourceFromRequest(request);
try {
this.tokenService.invoke(requestMessage);
Source responseMessage = this.tokenService.invoke(requestMessage);
RequestSecurityTokenResponseCollection baseResponseColl = (RequestSecurityTokenResponseCollection) new WSTrustParser()