You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Alex Suzuki (JIRA)" <ji...@apache.org> on 2009/05/05 13:13:30 UTC
[jira] Created: (WSS-185) NullPointerException on empty
UsernameToken
NullPointerException on empty UsernameToken
-------------------------------------------
Key: WSS-185
URL: https://issues.apache.org/jira/browse/WSS-185
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.7
Environment: JDK 1.5
Reporter: Alex Suzuki
Assignee: Ruchith Udayanga Fernando
An empty UsernameToken causes a NullPointerException in WSS4J. The NullPointerException is explicitly thrown,
not the result of a programming error.
The only way for client code to handle this gracefully seems to be to catch the NullPointerException and match the
string 'illegal null input'. Perhaps returning an empty principal or throwing an IllegalArgumentException would be
more suitable.
Stack trace:
java.lang.NullPointerException: illegal null input
at org.apache.ws.security.WSUsernameTokenPrincipal.<init>(WSUsernameTokenPrincipal.java:67)
at org.apache.ws.security.WSSecurityEngine.handleUsernameToken(WSSecurityEngine.java:893)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:379)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:212)
....
Example fragment:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username></wsse:Username>
<wsse:Password></wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<!-- some body -->
</soapenv:Body>
</soapenv:Envelope>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Updated: (WSS-185) NullPointerException on empty
UsernameToken
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated WSS-185:
------------------------------------
Fix Version/s: 1.6
> NullPointerException on empty UsernameToken
> -------------------------------------------
>
> Key: WSS-185
> URL: https://issues.apache.org/jira/browse/WSS-185
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: JDK 1.5
> Reporter: Alex Suzuki
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.6
>
>
> An empty UsernameToken causes a NullPointerException in WSS4J. The NullPointerException is explicitly thrown,
> not the result of a programming error.
> The only way for client code to handle this gracefully seems to be to catch the NullPointerException and match the
> string 'illegal null input'. Perhaps returning an empty principal or throwing an IllegalArgumentException would be
> more suitable.
> Stack trace:
> java.lang.NullPointerException: illegal null input
> at org.apache.ws.security.WSUsernameTokenPrincipal.<init>(WSUsernameTokenPrincipal.java:67)
> at org.apache.ws.security.WSSecurityEngine.handleUsernameToken(WSSecurityEngine.java:893)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:379)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:212)
> ....
> Example fragment:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> <wsse:UsernameToken>
> <wsse:Username></wsse:Username>
> <wsse:Password></wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <!-- some body -->
> </soapenv:Body>
> </soapenv:Envelope>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-185) NullPointerException on empty
UsernameToken
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12706368#action_12706368 ]
Colm O hEigeartaigh commented on WSS-185:
-----------------------------------------
I'll fix the WSUsernameTokenPrincipal on trunk to take a null username. However, to guard against null usernames/passwords, your callback handler implementation should throw an exception in the USERNAME_PASSWORD_UNKNOWN case for a null username/password.
> NullPointerException on empty UsernameToken
> -------------------------------------------
>
> Key: WSS-185
> URL: https://issues.apache.org/jira/browse/WSS-185
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: JDK 1.5
> Reporter: Alex Suzuki
> Assignee: Ruchith Udayanga Fernando
>
> An empty UsernameToken causes a NullPointerException in WSS4J. The NullPointerException is explicitly thrown,
> not the result of a programming error.
> The only way for client code to handle this gracefully seems to be to catch the NullPointerException and match the
> string 'illegal null input'. Perhaps returning an empty principal or throwing an IllegalArgumentException would be
> more suitable.
> Stack trace:
> java.lang.NullPointerException: illegal null input
> at org.apache.ws.security.WSUsernameTokenPrincipal.<init>(WSUsernameTokenPrincipal.java:67)
> at org.apache.ws.security.WSSecurityEngine.handleUsernameToken(WSSecurityEngine.java:893)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:379)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:212)
> ....
> Example fragment:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> <wsse:UsernameToken>
> <wsse:Username></wsse:Username>
> <wsse:Password></wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <!-- some body -->
> </soapenv:Body>
> </soapenv:Envelope>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Closed: (WSS-185) NullPointerException on empty
UsernameToken
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-185.
-----------------------------------
Resolution: Fixed
Assignee: Colm O hEigeartaigh (was: Ruchith Udayanga Fernando)
> NullPointerException on empty UsernameToken
> -------------------------------------------
>
> Key: WSS-185
> URL: https://issues.apache.org/jira/browse/WSS-185
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: JDK 1.5
> Reporter: Alex Suzuki
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6
>
>
> An empty UsernameToken causes a NullPointerException in WSS4J. The NullPointerException is explicitly thrown,
> not the result of a programming error.
> The only way for client code to handle this gracefully seems to be to catch the NullPointerException and match the
> string 'illegal null input'. Perhaps returning an empty principal or throwing an IllegalArgumentException would be
> more suitable.
> Stack trace:
> java.lang.NullPointerException: illegal null input
> at org.apache.ws.security.WSUsernameTokenPrincipal.<init>(WSUsernameTokenPrincipal.java:67)
> at org.apache.ws.security.WSSecurityEngine.handleUsernameToken(WSSecurityEngine.java:893)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:379)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:212)
> ....
> Example fragment:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> <wsse:UsernameToken>
> <wsse:Username></wsse:Username>
> <wsse:Password></wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <!-- some body -->
> </soapenv:Body>
> </soapenv:Envelope>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org