Hi,

I'm forwarding this for one of my colleagues as he isn't subscribed to the mailing list. This used to work in an older version of the CVS (way older).

===

I think I have found a bug in org.apache.ws.security.message.token.UsernameToken, more specifically with the getName() function.
When you send an empty string as a user name in a request, the getName() function throws a NullPointerException.

This is because in the code, the first child node of the elementUsername is requested and then, without checking for nullness, the data is asked of this supposedly always existing child element.
However, when an empty string is sent as username, this child element does not exist, causing the Exception to occur.

I have included a patch file that simply returns an empty string when this child element is not present (meaning effectively that an empty string was passed as username).

It may be worth mentioning that all over the UsernameToken class this assumption is made, leading to many more potential null-pointer exceptions when a certain child element is not present. For some reason, the check for a non-existing child is only made in getPassword(). All the set-methods will suffer the same NullPointerException when being called, as the setData() is called upon the result of getFirstNode().
The affected functions (that I can see) are:
setName
getNonce
setNonce
getCreated
setCreated
setPassword
and of course getName(), for which the patch is supplied and a similar solution could be applied to the get-methods.

Can someone look into this and preferably integrate this patch into CVS?




With Kind Regards,

Erik Vanherck

---------

Erik Vanherck  -  System Programmer & Designer
Inventive Designers
Visit http://www.inventivedesigners.com
Visit http://www.inventivedesigners.com/scriptura for Scriptura information !

Phone: +32 - 3 - 8210170
Fax: +32 - 3 - 8210171
Email: [EMAIL PROTECTED]

"Computers in the future may weigh no more than 1.5 tons." - Popular Mechanics, forecasting the relentless march of science, 1949  

Inventive Designers' Email Disclaimer:
http://www.inventivedesigners.com/email-disclaimer


Index: UsernameToken.java
===================================================================
RCS file: 
/home/cvspublic/ws-fx/wss4j/src/org/apache/ws/security/message/token/UsernameToken.java,v
retrieving revision 1.13
diff -u -r1.13 UsernameToken.java
--- UsernameToken.java  31 Oct 2004 08:11:17 -0000      1.13
+++ UsernameToken.java  26 Apr 2005 10:35:35 -0000
@@ -201,7 +201,10 @@
      */
     public String getName() {
         if (this.elementUsername != null) {
-            return getFirstNode(this.elementUsername).getData();
+                       Text node = getFirstNode(this.elementUsername);
+                       if(node != null) {
+                               return node != null ? node.getData() : "";
+                       }
         }
         return null;
     }
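
Review bot: In getName(), the new `if(node != null)` guard makes the `""` branch of the ternary on the next line unreachable, so an empty Username element still falls through to the final `return null` instead of returning the empty string the description promises. Drop the outer `if` and keep only `return node != null ? node.getData() : "";`, which yields "" when the element exists without a text child and null only when elementUsername itself is missing. The added lines are also indented with tabs while the surrounding context uses spaces; please match the file's indentation.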
