NullPointerException on empty UsernameToken
-------------------------------------------

                 Key: WSS-185
                 URL: https://issues.apache.org/jira/browse/WSS-185
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 1.5.7
         Environment: JDK 1.5
            Reporter: Alex Suzuki
            Assignee: Ruchith Udayanga Fernando


An empty UsernameToken causes a NullPointerException in WSS4J. The NullPointerException is explicitly thrown, not the result of a programming error.

The only way for client code to handle this gracefully seems to be to catch the NullPointerException and match the string 'illegal null input'. Perhaps returning an empty principal or throwing an IllegalArgumentException would be more suitable.

Stack trace:

java.lang.NullPointerException: illegal null input
        at org.apache.ws.security.WSUsernameTokenPrincipal.<init>(WSUsernameTokenPrincipal.java:67)
        at org.apache.ws.security.WSSecurityEngine.handleUsernameToken(WSSecurityEngine.java:893)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:379)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:212)
       ....

Example fragment:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"
                     soapenv:mustUnderstand="0"
                     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken>
            <wsse:Username></wsse:Username>
            <wsse:Password></wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
        <!-- some body -->
   </soapenv:Body>
</soapenv:Envelope>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

