You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Dave Bryant (JIRA)" <ji...@apache.org> on 2010/03/25 03:23:27 UTC

[jira] Created: (RAMPART-290) NullPointerException in RampartEngine.isSecurityFault if the incoming fault message contains an invalid fault code element

NullPointerException in RampartEngine.isSecurityFault if the incoming fault message contains an invalid fault code element
--------------------------------------------------------------------------------------------------------------------------

                 Key: RAMPART-290
                 URL: https://issues.apache.org/jira/browse/RAMPART-290
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.5
            Reporter: Dave Bryant
            Assignee: Ruchith Udayanga Fernando


Rampart evaluates incoming fault messages to see if they appear to be security faults, so that it knows if it should apply the security policy to them.  Currently this causes a NullPointerException if the SOAP fault either doesn't contain a fault code, or contains a fault code that AXIOM fails to parse correctly.

For example, the following message qualifies the faultcode element with the soap namespace.  This is not expected by AXIOM so it returns null when the fault code is requested:

{code:xml}
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
	<soap:Header/>
	<soap:Body>
		<soap:Fault>
			<soap:faultcode>Client</soap:faultcode>
			<soap:faultstring>Error Handling Incoming Document</soap:faultstring>
			<soap:faultactor>http://127.0.0.1:8080/web/SOAP/ITKIntegrationHandler.pws</soap:faultactor>
			<soap:detail>
				<ToolkitErrorInfo xmlns="http://www.nhs.cfh.org/interoperability.toolkit/ToolkitUtilities/1.0">
					<ErrorID>D1DFCE50-3749-11DF-A3A6-001111077E2C</ErrorID>
					<ErrorCode codeSystem="2.16.840.1.113883.2.1.3.2.4.17.999" displayName="Error Handling Incoming Document">999</ErrorCode>
					<ErrorText>Processing is already underway for a document with this ID (EB876DA7-19A0-40E4-9D01-866958D13653). On the fly document version changes are not yet supported</ErrorText>
					<ErrorDiagnosticText>9a.lang.Exception
					</ErrorDiagnosticText>
				</ToolkitErrorInfo>
			</soap:detail>
		</soap:Fault>
	</soap:Body>
</soap:Envelope>
{code}

The null pointer exception then occurs in RampartEngine.isSecurityFault():

{code}
...
Caused by: java.lang.NullPointerException
at org.apache.rampart.RampartEngine.isSecurityFault(RampartEngine.java:294)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:85)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
...
{code}

I'm still investigating whether the failure to parse the fault code element is a bug in AXIOM or not, but in any case Rampart should not cause a null pointer exception if the fault code is not available.

The following patch fixes the problem:

{code}
Index: src/main/java/org/apache/rampart/RampartEngine.java
===================================================================
--- src/main/java/org/apache/rampart/RampartEngine.java	(revision 62317)
+++ src/main/java/org/apache/rampart/RampartEngine.java	(working copy)
@@ -291,17 +291,19 @@
 	        SOAPFaultCode faultCode = soapFault.getCode();
 	        
 	        // This is a fault processing the security header 
-                if (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
-                   return true;
-                }
+            if (faultCode != null && faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+               return true;
+            }
 	        
 	        	        
 	    } else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
 	        
 	        //TODO AXIOM API returns only one fault sub code, there can be many
-	        SOAPFaultSubCode faultSubCode = soapFault.getCode().getSubCode();
-	        
-	        if (faultSubCode != null) {
+	    	final SOAPFaultCode faultCode = soapFault.getCode();
+	    	if (faultCode != null) {
+		        SOAPFaultSubCode faultSubCode = faultCode.getSubCode();
+		        
+		        if (faultSubCode != null) {
         	        SOAPFaultValue faultSubCodeValue = faultSubCode.getValue();
         	        
         	        // This is a fault processing the security header 
@@ -309,8 +311,8 @@
         	                faultSubCodeValue.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
         	           return true;
         	        }
-	        }
-	        
+		        }
+	    	}
 	    }
 	    
 	    return false;
{code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.