[jira] Updated: (WSS-185) NullPointerException on empty UsernameToken

Wed, 06 May 2009 03:38:05 -0700 

     [ 
https://issues.apache.org/jira/browse/WSS-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated WSS-185:
------------------------------------

    Fix Version/s: 1.6

> NullPointerException on empty UsernameToken
> -------------------------------------------
>
>                 Key: WSS-185
>                 URL: https://issues.apache.org/jira/browse/WSS-185
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.7
>         Environment: JDK 1.5
>            Reporter: Alex Suzuki
>            Assignee: Ruchith Udayanga Fernando
>             Fix For: 1.6
>
>
> An empty UsernameToken causes a NullPointerException in WSS4J. The 
> NullPointerException is explicitly thrown,
> not the result of a programming error.
> The only way for client code to handle this gracefully seems to be to catch 
> the NullPointerException and match the
> string 'illegal null input'. Perhaps returning an empty principal or throwing 
> an IllegalArgumentException would be
> more suitable.
> Stack trace:
> java.lang.NullPointerException: illegal null input
>       at 
> org.apache.ws.security.WSUsernameTokenPrincipal.<init>(WSUsernameTokenPrincipal.java:67)
>       at 
> org.apache.ws.security.WSSecurityEngine.handleUsernameToken(WSSecurityEngine.java:893)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:379)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:212)
>        ....
> Example fragment:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>
>    <soapenv:Header>
>       <wsse:Security 
> soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"; 
> soapenv:mustUnderstand="0" 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
>          <wsse:UsernameToken>
>             <wsse:Username></wsse:Username>
>             <wsse:Password></wsse:Password>
>          </wsse:UsernameToken>
>       </wsse:Security>
>    </soapenv:Header>
>    <soapenv:Body>
>         <!-- some body -->
>    </soapenv:Body>
> </soapenv:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to