You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Stefan Vladov (JIRA)" <ji...@apache.org> on 2012/09/18 13:06:07 UTC

[jira] [Updated] (RAMPART-388) NPE in RampartUtil#setKeyIdentifierType (line #1389) wss (web service security options assertion) is null.

     [ https://issues.apache.org/jira/browse/RAMPART-388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Vladov updated RAMPART-388:
----------------------------------

    Description: 
When a security policy requires a token reference (instead of including the token directly) but there is no Wss10 or Wss11 assertion in the policy, Rampart throws a NPE in RampartUtil#setKeyIdentifierType (line #1389).
Neither of the assertions is obligatory and all the configuration settings in those assertions are optional. Wss4j will by default usees Issuer+Serial reference identifier. As a workaround one could add an empty Wss10 or Wss11 assertion in the policy but this is an inconvenience and is absolutely unnecessary.

A simple null check will solve the problem.

Thanks,
Stefan

  was:
When a security policy requires a token reference (instead of including the token directly) but there is no Wss10 or Wss11 assertion in the policy, Rampart throws a NPE in RampartUtil#setKeyIdentifierType (line #1389).
Neither of the assertions is obligatory and all the configuration settings in those assertions are optional. Wss4j will by default use Issuer+Serial reference identifier. As a workaround One could add an empty Wss10 or Wss11 assertion in the policy but this is an inconvenience and is absolutely unnecessary.

A simple null check will solve the problem.

Thanks,
Stefan

    
> NPE in RampartUtil#setKeyIdentifierType (line #1389) wss (web service security options assertion) is null.
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-388
>                 URL: https://issues.apache.org/jira/browse/RAMPART-388
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.6.2
>            Reporter: Stefan Vladov
>            Priority: Minor
>
> When a security policy requires a token reference (instead of including the token directly) but there is no Wss10 or Wss11 assertion in the policy, Rampart throws a NPE in RampartUtil#setKeyIdentifierType (line #1389).
> Neither of the assertions is obligatory and all the configuration settings in those assertions are optional. Wss4j will by default usees Issuer+Serial reference identifier. As a workaround one could add an empty Wss10 or Wss11 assertion in the policy but this is an inconvenience and is absolutely unnecessary.
> A simple null check will solve the problem.
> Thanks,
> Stefan

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org