You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2009/05/06 12:39:30 UTC
[jira] Closed: (WSS-185) NullPointerException on empty
UsernameToken
[ https://issues.apache.org/jira/browse/WSS-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-185.
-----------------------------------
Resolution: Fixed
Assignee: Colm O hEigeartaigh (was: Ruchith Udayanga Fernando)
> NullPointerException on empty UsernameToken
> -------------------------------------------
>
> Key: WSS-185
> URL: https://issues.apache.org/jira/browse/WSS-185
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: JDK 1.5
> Reporter: Alex Suzuki
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6
>
>
> An empty UsernameToken causes a NullPointerException in WSS4J. The NullPointerException is explicitly thrown,
> not the result of a programming error.
> The only way for client code to handle this gracefully seems to be to catch the NullPointerException and match the
> string 'illegal null input'. Perhaps returning an empty principal or throwing an IllegalArgumentException would be
> more suitable.
> Stack trace:
> java.lang.NullPointerException: illegal null input
> at org.apache.ws.security.WSUsernameTokenPrincipal.<init>(WSUsernameTokenPrincipal.java:67)
> at org.apache.ws.security.WSSecurityEngine.handleUsernameToken(WSSecurityEngine.java:893)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:379)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:212)
> ....
> Example fragment:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> <wsse:UsernameToken>
> <wsse:Username></wsse:Username>
> <wsse:Password></wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <!-- some body -->
> </soapenv:Body>
> </soapenv:Envelope>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org