[
https://issues.apache.org/jira/browse/WSS-654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jim Ma closed WSS-654.
----------------------
Resolution: Not A Problem
> WSSecurityUtil throws NPE when security manager is enabled
> ----------------------------------------------------------
>
> Key: WSS-654
> URL: https://issues.apache.org/jira/browse/WSS-654
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Jim Ma
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Attachments: WSS-654.patch
>
>
> When security manager is enabled, the WSSecurityUtils throws NPE by a
> AccessControlException :
> {code:java}
> 2019-09-05 11:41:46,602 WARNING [org.apache.cxf.phase.PhaseInterceptorChain]
> (default task-1) Interceptor for
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now: java.lang.NullPointerException
> at
> java.xml/com.sun.org.apache.xerces.internal.dom.ParentNode.internalInsertBefore(ParentNode.java:300)
> at
> java.xml/com.sun.org.apache.xerces.internal.dom.ParentNode.insertBefore(ParentNode.java:287)
> at
> org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:319)
> at
> org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:438)
> at
> org.apache.ws.security//org.apache.wss4j.dom.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:165)
> at
> [email protected]//org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:144)
> at
> [email protected]//org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109)
> at
> [email protected]//org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96)
> at
> [email protected]//org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> {code}
> The root cause for this NPE is AccessControlException of Permission check
> failed (permission "("java.lang.RuntimePermission"
> "accessClassInPackage.com.sun.org.apache.xerces.internal.dom")"
> {code:java}
> "accessClassInPackage.com.sun.org.apache.xerces.internal.dom")"
> 2019-09-05 11:41:37,366 ERROR [stderr] (default task-1) at
> java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238)
> 2019-09-05 11:41:37,368 ERROR [stderr] (default task-1) at
> java.base/java.lang.Class.checkPackageAccess(Class.java:2870)
> 2019-09-05 11:41:37,369 ERROR [stderr] (default task-1) at
> java.base/java.lang.Class.checkMemberAccess(Class.java:2851)
> 2019-09-05 11:41:37,370 ERROR [stderr] (default task-1) at
> java.base/java.lang.Class.getMethod(Class.java:2105)
> 2019-09-05 11:41:37,371 ERROR [stderr] (default task-1) at
> org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.getDomElement(WSSecurityUtil.java:641)
> 2019-09-05 11:41:37,372 ERROR [stderr] (default task-1) at
> org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:312)
> 2019-09-05 11:41:37,372 ERROR [stderr] (default task-1) at
> org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:438)
> 2019-09-05 11:41:37,373 ERROR [stderr] (default task-1) at
> org.apache.ws.security//org.apache.wss4j.dom.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:165)
> {code}
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
