NullPointerException in RampartEngine.isSecurityFault if the incoming fault 
message contains an invalid fault code element
--------------------------------------------------------------------------------------------------------------------------

                 Key: RAMPART-290
                 URL: https://issues.apache.org/jira/browse/RAMPART-290
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.5
            Reporter: Dave Bryant
            Assignee: Ruchith Udayanga Fernando


Rampart evaluates incoming fault messages to see if they appear to be security 
faults, so that it knows if it should apply the security policy to them.  
Currently this causes a NullPointerException if the SOAP fault either doesn't 
contain a fault code, or contains a fault code that AXIOM fails to parse 
correctly.

For example, the following message qualifies the faultcode element with the 
soap namespace.  This is not expected by AXIOM so it returns null when the 
fault code is requested:

{code:xml}
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header/>
    <soap:Body>
        <soap:Fault>
            <soap:faultcode>Client</soap:faultcode>
            <soap:faultstring>Error Handling Incoming Document</soap:faultstring>
            <soap:faultactor>http://127.0.0.1:8080/web/SOAP/ITKIntegrationHandler.pws</soap:faultactor>
            <soap:detail>
                <ToolkitErrorInfo xmlns="http://www.nhs.cfh.org/interoperability.toolkit/ToolkitUtilities/1.0">
                    <ErrorID>D1DFCE50-3749-11DF-A3A6-001111077E2C</ErrorID>
                    <ErrorCode codeSystem="2.16.840.1.113883.2.1.3.2.4.17.999" displayName="Error Handling Incoming Document">999</ErrorCode>
                    <ErrorText>Processing is already underway for a document with this ID (EB876DA7-19A0-40E4-9D01-866958D13653). On the fly document version changes are not yet supported</ErrorText>
                    <ErrorDiagnosticText>9a.lang.Exception
                    </ErrorDiagnosticText>
                </ToolkitErrorInfo>
            </soap:detail>
        </soap:Fault>
    </soap:Body>
</soap:Envelope>
{code}

The null pointer exception then occurs in RampartEngine.isSecurityFault():

{code}
...
Caused by: java.lang.NullPointerException
at org.apache.rampart.RampartEngine.isSecurityFault(RampartEngine.java:294)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:85)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
...
{code}

I'm still investigating whether the failure to parse the fault code element is 
a bug in AXIOM or not, but in any case Rampart should not cause a null pointer 
exception if the fault code is not available.

The following patch fixes the problem:

{code}
Index: src/main/java/org/apache/rampart/RampartEngine.java
===================================================================
--- src/main/java/org/apache/rampart/RampartEngine.java (revision 62317)
+++ src/main/java/org/apache/rampart/RampartEngine.java (working copy)
@@ -291,17 +291,19 @@
                SOAPFaultCode faultCode = soapFault.getCode();
                
                // This is a fault processing the security header 
-                if 
(faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
-                   return true;
-                }
+            if (faultCode != null && 
faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+               return true;
+            }
                
                                
            } else if 
(soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
                
                //TODO AXIOM API returns only one fault sub code, there can be 
many
-               SOAPFaultSubCode faultSubCode = 
soapFault.getCode().getSubCode();
-               
-               if (faultSubCode != null) {
+               final SOAPFaultCode faultCode = soapFault.getCode();
+               if (faultCode != null) {
+                       SOAPFaultSubCode faultSubCode = faultCode.getSubCode();
+                       
+                       if (faultSubCode != null) {
                        SOAPFaultValue faultSubCodeValue = 
faultSubCode.getValue();
                        
                        // This is a fault processing the security header 
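Review bot: In the SOAP 1.1 branch the new faultCode != null guard stops at the element itself; the chain faultCode.getTextAsQName().getNamespaceURI() is still dereferenced unchecked, so a fault code whose text does not resolve to a QName could fail on the same line. Consider holding the QName in a local, testing it for null, and comparing with WSConstants.WSSE_NS.equals(...) so that a null namespace URI is harmless as well. The replacement if is also indented four columns less than the SOAPFaultCode faultCode declaration above it, and faultCode is declared final in the SOAP 1.2 branch but not here.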
@@ -309,8 +311,8 @@
                                
faultSubCodeValue.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS))
 {
                           return true;
                        }
-               }
-               
+                       }
+               }
            }
            
            return false;
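Review bot: The closing braces at the end of the SOAP 1.2 branch are now tab-indented while the body of the inner if (faultSubCode != null) block, left as unchanged context, keeps its old indentation, so the new nesting is hard to follow; re-indent the whole block by one level. The patch touches only RampartEngine.java, so a regression test that feeds isSecurityFault a fault with no faultcode and one with a namespace-qualified faultcode would pin the fixed behaviour down.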
{code}
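
The same fail-closed check, as an added stand-alone example that is not part of the original report and is not Rampart's code: it uses the JDK DOM parser instead of AXIOM, and the class name FaultCodeCheck, its methods and the sample faults are constructed for illustration. A missing, namespace-qualified or unresolvable fault code is treated as "not a security fault" rather than raising an exception.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class FaultCodeCheck { // hypothetical class, not part of Rampart
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    // WS-Security 1.0 secext namespace, the value the patch compares against (WSConstants.WSSE_NS)
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** True only if an unqualified faultcode child holds a QName in the wsse namespace. */
    static boolean isSecurityFault(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Fault bodies come from the peer: refuse DTDs so entity tricks never reach the parser
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList faults = doc.getElementsByTagNameNS(SOAP11, "Fault");
        if (faults.getLength() == 0) return false;
        for (Node n = faults.item(0).getFirstChild(); n != null; n = n.getNextSibling()) {
            // SOAP 1.1 defines faultcode as an unqualified child; soap:faultcode is skipped
            if (n instanceof Element && n.getNamespaceURI() == null
                    && "faultcode".equals(n.getLocalName())) {
                String text = n.getTextContent().trim();
                int colon = text.indexOf(':');
                if (colon < 0) return false;            // no prefix, cannot be in wsse
                String ns = n.lookupNamespaceURI(text.substring(0, colon));
                return WSSE.equals(ns);                 // null-safe when the prefix is unbound
            }
        }
        return false; // faultcode absent or not recognised: no exception, not a security fault
    }

    /** Builds a constructed SOAP 1.1 fault around the given faultcode markup. */
    static String fault(String codeElement) {
        return "<soap:Envelope xmlns:soap='" + SOAP11 + "' xmlns:wsse='" + WSSE + "'>"
             + "<soap:Body><soap:Fault>" + codeElement
             + "<faultstring>x</faultstring></soap:Fault></soap:Body></soap:Envelope>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: qualified code (the reported case), no code, unbound prefix, wsse code
        System.out.println(isSecurityFault(fault("<soap:faultcode>Client</soap:faultcode>")));
        System.out.println(isSecurityFault(fault("")));
        System.out.println(isSecurityFault(fault("<faultcode>nope:Client</faultcode>")));
        System.out.println(isSecurityFault(fault("<faultcode>wsse:InvalidSecurity</faultcode>")));
    }
}
```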
