[ https://issues.apache.org/jira/browse/WSS-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12706368#action_12706368 ]

Colm O hEigeartaigh commented on WSS-185:
-----------------------------------------


I'll fix the WSUsernameTokenPrincipal on trunk to take a null username. 
However, to guard against null usernames/passwords, your callback handler 
implementation should throw an exception in the USERNAME_PASSWORD_UNKNOWN case 
for a null username/password.

> NullPointerException on empty UsernameToken
> -------------------------------------------
>
>                 Key: WSS-185
>                 URL: https://issues.apache.org/jira/browse/WSS-185
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.7
>         Environment: JDK 1.5
>            Reporter: Alex Suzuki
>            Assignee: Ruchith Udayanga Fernando
>
> An empty UsernameToken causes a NullPointerException in WSS4J. The 
> NullPointerException is explicitly thrown,
> not the result of a programming error.
> The only way for client code to handle this gracefully seems to be to catch 
> the NullPointerException and match the
> string 'illegal null input'. Perhaps returning an empty principal or throwing 
> an IllegalArgumentException would be
> more suitable.
> Stack trace:
> java.lang.NullPointerException: illegal null input
>       at org.apache.ws.security.WSUsernameTokenPrincipal.<init>(WSUsernameTokenPrincipal.java:67)
>       at org.apache.ws.security.WSSecurityEngine.handleUsernameToken(WSSecurityEngine.java:893)
>       at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:379)
>       at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
>       at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:212)
>        ....
> Example fragment:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>    <soapenv:Header>
>       <wsse:Security
>           soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"
>           soapenv:mustUnderstand="0"
>           xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>          <wsse:UsernameToken>
>             <wsse:Username></wsse:Username>
>             <wsse:Password></wsse:Password>
>          </wsse:UsernameToken>
>       </wsse:Security>
>    </soapenv:Header>
>    <soapenv:Body>
>         <!-- some body -->
>    </soapenv:Body>
> </soapenv:Envelope>

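The callback-handler guard recommended in the comment above, as an added example that is not part of the original message or the WSS4J code base. It assumes WSS4J 1.5.x on the classpath and that the case the comment names corresponds to the `WSPasswordCallback.USERNAME_TOKEN_UNKNOWN` usage; the class name and the in-memory user map are hypothetical.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Added example (not WSS4J project code). Written to compile on JDK 1.5.
public class StrictUsernameTokenHandler implements CallbackHandler {

    // Constructed sample credential store (hypothetical); replace with a real user store.
    private final Map<String, String> users = new HashMap<String, String>();

    public StrictUsernameTokenHandler() {
        users.put("alice", "constructed-sample-secret");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            // Fail closed: this handler only validates received UsernameTokens.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                throw new UnsupportedCallbackException(callbacks[i], "Unsupported usage");
            }
            String user = pc.getIdentifer(); // accessor is spelled this way in WSS4J 1.5.x
            String pass = pc.getPassword();
            // Reject null or empty values (the empty UsernameToken case) before any lookup.
            if (user == null || user.length() == 0 || pass == null || pass.length() == 0) {
                throw new IOException("UsernameToken rejected: missing username or password");
            }
            String expected = users.get(user);
            // Same error for unknown user and wrong password, so the reply does not
            // reveal which usernames exist.
            if (expected == null
                    || !MessageDigest.isEqual(expected.getBytes("UTF-8"), pass.getBytes("UTF-8"))) {
                throw new IOException("UsernameToken rejected: authentication failed");
            }
        }
    }
}
```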