Author: coheigea
Date: Fri Jun 17 15:41:16 2011
New Revision: 1136913

URL: http://svn.apache.org/viewvc?rev=1136913&view=rev
Log:
Avoid a NPE when parsing a SAML Assertion with no (expected) Secret Key

Modified:
    
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java

Modified: 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java?rev=1136913&r1=1136912&r2=1136913&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
 (original)
+++ 
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
 Fri Jun 17 15:41:16 2011
@@ -216,8 +216,11 @@ public class SecurityTokenRefSTRParser i
         }
         SAMLKeyInfo samlKi = 
             SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, 
bspCompliant);
-        // TODO Handle malformed SAML tokens where they don't have the 
-        // secret in them
+        if (samlKi == null) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new 
Object[] {"No Secret Key"}
+            );
+        }
         return samlKi.getSecret();
     }
     
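Review bot: The new guard before `return samlKi.getSecret();` rejects a null `SAMLKeyInfo`, but a non-null one that carries no secret would still hand a null back to the caller. If `SAMLUtil.getCredentialFromSubject` can return key info that holds only certificates or a public key (not visible in this hunk), the missing-secret case named in the log message is only partly covered, and the null may surface later as an NPE during key use rather than as a `FAILED_CHECK` fault. Consider widening the condition to `if (samlKi == null || samlKi.getSecret() == null) {` so both cases fail closed with the same `invalidSAMLToken` error. The enclosing method starts outside the hunk, so its return type and callers should be confirmed. A regression test using an assertion without key material would pin the behaviour.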

