[ https://issues.apache.org/jira/browse/CXF-2899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12888955#action_12888955 ]
Ravi Luthra commented on CXF-2899:
----------------------------------
Here is the working code; after it I'll put what it was when it didn't work:
    Map<String, Object> props = endpointImpl.getProperties();
    if (props == null) {
        props = new HashMap<String, Object>();
        endpointImpl.setProperties(props);
    }
    for (final WSFeature feature : getWsFeatures()) { // non-CXF
        if (feature instanceof SecurityPolicyFeatures) { // non-CXF
            final SecurityPolicyFeatures spf =
                    (SecurityPolicyFeatures) feature; // non-CXF
            final SSLClientAuthConfigurator signingAndDecrypting =
                    spf.getKeyStoreInfo(); // non-CXF
            final SSLClientAuthConfigurator verifyingAndEncrypting =
                    spf.getTrustStoreInfo(); // non-CXF
            // Set up the Merlin properties, assign them to the web
            // service via properties
            props.put("ws-security.signature.properties",
                    getMerlinPropertiesFor(signingAndDecrypting));
            props.put("ws-security.encryption.properties",
                    getMerlinPropertiesFor(verifyingAndEncrypting));
            props.put("ws-security.callback-handler",
                    new CallbackHandler() {
                        @Override
                        public void handle(Callback[] callbacks)
                                throws IOException,
                                UnsupportedCallbackException {
                            for (int i = 0; i < callbacks.length; i++) {
                                WSPasswordCallback pc =
                                        (WSPasswordCallback) callbacks[i];
                                pc.setPassword(signingAndDecrypting
                                        .getKeystorePassword());
                            }
                        }
                    });
        }
    }
    /**
     * Constructing Merlin properties for configuration as described here:
     * http://fusesource.com/docs/framework/2.2/security/MsgProtect-SOAP-ProvideKeys.html
     * and here: http://cxf.apache.org/docs/ws-securitypolicy.html
     * Other members in this package can call this.
     * @param keyStoreInfo
     * @return a configured crypto (uses Merlin from WSS4J)
     */
    public static Properties getMerlinPropertiesFor(
            final SSLClientAuthConfigurator keyStoreInfo) {
        final Properties props = new Properties();
        props.put("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        props.put("org.apache.ws.security.crypto.merlin.keystore.password",
                keyStoreInfo.getKeystorePassword());
        props.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        props.put("org.apache.ws.security.crypto.merlin.file",
                keyStoreInfo.getKeystoreLocation());
        props.put("org.apache.ws.security.crypto.merlin.keystore.alias",
                keyStoreInfo.getKeystoreAlias());
        return props;
    }
Before, the non-working code only had the following different (notice usage of
.crypto and the constructor call):
    props.put("ws-security.signature.crypto",
            new Merlin(getMerlinPropertiesFor(signingAndDecrypting)));
    props.put("ws-security.encryption.crypto",
            new Merlin(getMerlinPropertiesFor(verifyingAndEncrypting)));
I will try to attach a test soon (is that normally a diff attachment?)
Thanks
> NPE in WSS4J due to null Cryptos when using ws-security.*.crypto instead of
> ws-security.*.properties
> ----------------------------------------------------------------------------------------------------
>
> Key: CXF-2899
> URL: https://issues.apache.org/jira/browse/CXF-2899
> Project: CXF
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 2.2.9
> Environment: All apply, but this was discovered on 64bit Ubuntu
> Reporter: Ravi Luthra
>
> Null pointer exception in the given stack trace (see below). Turns out the
> Crypto objects are null which is caused by a documentation issue on this page:
> http://cxf.apache.org/docs/ws-securitypolicy.html
> I originally implemented my properties at runtime (using Java code directly)
> by setting up the Crypto object directly (using the Merlin class) and used
> the properties on the above mentioned URL: ws-security.signature.crypto and
> ws-security.encryption.crypto. These properties work until the stack reaches
> into the WSS4J boundary. The fix was to use the properties
> ws-security.signature.properties and ws-security.encryption.properties as
> these are the ones considered during the hand-off to WSS4J, not the
> ws-security.*.crypto properties. The stack trace went away when I used the
> other properties.
> java.lang.NullPointerException
>     at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:92)
>     at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:105)
>     at org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:81)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:208)
>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:110)
>     at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:98)
>     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:423)
> ... Unrelated portion of stack
> The fix I am asking for is a fix in the documentation next to the .crypto
> properties.
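Added example, not part of the original comment or of CXF: a fail-fast check over the endpoint property map that flags the .crypto-only configuration described in this report and verifies that the keystore and alias named in the Merlin properties actually load, so a misconfiguration surfaces at startup rather than as an NPE inside WSS4J. The class name WsSecurityConfigCheck and its methods are hypothetical, and the check assumes the merlin.file value is a filesystem path.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.*;

/** Hypothetical pre-publish check; property names are the ones quoted in this report. */
public class WsSecurityConfigCheck {
    private static final String MERLIN = "org.apache.ws.security.crypto.merlin.";

    public static List<String> check(Map<String, Object> endpointProps) {
        List<String> problems = new ArrayList<String>();
        for (String use : new String[] {"signature", "encryption"}) {
            Object crypto = endpointProps.get("ws-security." + use + ".crypto");
            Object cfg = endpointProps.get("ws-security." + use + ".properties");
            if (crypto != null && cfg == null) {
                // The combination reported in CXF-2899 against CXF 2.2.9.
                problems.add(use + ": only .crypto is set (see CXF-2899); set .properties");
            }
            if (cfg instanceof Properties) {
                verifyKeystore(use, (Properties) cfg, problems);
            }
        }
        return problems;
    }

    // Assumption: merlin.file is a plain filesystem path readable by this process.
    private static void verifyKeystore(String use, Properties p, List<String> problems) {
        String file = p.getProperty(MERLIN + "file");
        String alias = p.getProperty(MERLIN + "keystore.alias");
        String pass = p.getProperty(MERLIN + "keystore.password", "");
        try (InputStream in = new FileInputStream(String.valueOf(file))) {
            KeyStore ks = KeyStore.getInstance(p.getProperty(MERLIN + "keystore.type", "jks"));
            ks.load(in, pass.toCharArray()); // fails on a wrong password or corrupt store
            if (alias == null || !ks.containsAlias(alias)) {
                problems.add(use + ": alias '" + alias + "' not found in " + file);
            }
        } catch (Exception e) {
            problems.add(use + ": cannot load keystore " + file + " (" + e + ")");
        }
    }

    public static void main(String[] args) {
        // Constructed input: the non-working shape from the report (.crypto only).
        Map<String, Object> props = new HashMap<String, Object>();
        props.put("ws-security.signature.crypto", new Object()); // stand-in for a Merlin
        System.out.println(check(props));
    }
}
```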