[jira] Created: (RAMPART-139) SignatureToken doesn't work for Symetricbinding

Mon, 11 Feb 2008 02:48:42 -0800 

SignatureToken doesn't work for Symetricbinding
-----------------------------------------------

                 Key: RAMPART-139
                 URL: https://issues.apache.org/jira/browse/RAMPART-139
             Project: Rampart
          Issue Type: Bug
          Components: rampart-policy
    Affects Versions: 1.3
         Environment: Apacha Rampart client implementation
Running on windows XP
            Reporter: Thomas Vandierendonck


When invoking a ws-secured webservice with a policy that only includes a 
SignatureToken (no EncryptionToken) a nullpointerException is raised in 
RampartPolicyBuilder.java:288.
the reason that this happens is that the policybuilder tries to load an 
encryption key while there is none provided.

Here's the snippet from the original policy.xml:
<sp:SignatureToken>
                                                <wsp:Policy>
                                                  <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
                                                                <wsp:Policy>
                                                                  
<sp:RequireDerivedKeys/>
                                                                        
<sp:RequireThumbprintReference/>
                                                                        
<sp:WssX509V3Token10/>
                                                                </wsp:Policy>
                                                        </sp:X509Token>
                                                </wsp:Policy>
                                        </sp:SignatureToken>

Than there is the error:
Exception in thread "main" java.lang.NullPointerException
        at 
org.apache.rampart.policy.RampartPolicyBuilder.symmetricBinding(RampartPolicyBuilder.java:288)
        at 
org.apache.rampart.policy.RampartPolicyBuilder.processSymmetricPolicyBinding(RampartPolicyBuilder.java:158)
        at 
org.apache.rampart.policy.RampartPolicyBuilder.build(RampartPolicyBuilder.java:77)
        at 
org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:206)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:58)
        at 
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:377)
        at 
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:374)
        at 
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
        at 
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
....
and finally the code where all goes wrong:
private static void symmetricBinding(SymmetricBinding binding,
            RampartPolicyData rpd) throws WSSPolicyException {
        Assertion token = binding.getProtectionToken();
        
        if (token != null) {
            
rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken());
        } else {
            token = binding.getEncryptionToken();
            Assertion token1 = binding.getSignatureToken();
            if (token == null && token1 == null) {
                // this is an error - throw something
            }
/*
* THIS IS WHERE IT HAPPENS, AN ENCRYPTION TOKEN IS LOADED WHILE NONE IS PROVIDED
*/ 
            rpd.setEncryptionToken(
                    ((EncryptionToken) token).getEncryptionToken());
            rpd.setSignatureToken(((SignatureToken) token).getSignatureToken());
        }
    }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to