NPE when sending packet to STS using default namespaces instead of namespace
prefixes
-------------------------------------------------------------------------------------
Key: CXF-3539
URL: https://issues.apache.org/jira/browse/CXF-3539
Project: CXF
Issue Type: Bug
Components: Core
Affects Versions: 2.4
Reporter: Alistair Phipps
common/common/src/main/java/org/apache/cxf/staxutils/StaxSource#getAttributes()
sets the "localname" to null for default namespaces changes. However, when
this is set it causes JAXB binding to throw an NPE in
com.sun.xml.internal.bind.v2.util.QNameMap.hash(). This occurs when creating
an STS using the CXF STS provider framework and sending a RST packet which uses
default namespaces instead of namespace prefixes.
A workaround that seems to work for the STS is setting the localname to ""
instead of null, however I'm not sure what other effects that might have.
Example packet:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:s="http://www.w3.org/2001/XMLSchema";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><SOAP-ENV:Header><Security
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><Timestamp
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp"><Created>2011-05-19T20:25:45.197Z</Created><Expires>2011-05-19T20:30:45.197Z</Expires></Timestamp><BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
wsu:Id="SecurityToken">...snip...</BinarySecurityToken><Signature
xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference
URI="#Timestamp"><Transforms><Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>...snip...</DigestValue></Reference></SignedInfo><SignatureValue>...snip...</SignatureValue><KeyInfo><SecurityTokenReference
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><Reference
URI="#SecurityToken"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></SecurityTokenReference></KeyInfo></Signature></Security></SOAP-ENV:Header><SOAP-ENV:Body><RequestSecurityToken
xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512";
xmlns:s="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><SecondaryParameters><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType></SecondaryParameters><RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</RequestType><AppliesTo
xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy";><EndpointReference
xmlns="http://www.w3.org/2005/08/addressing";><Address>...snip...</Address></EndpointReference></AppliesTo><KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</KeyType><KeySize>256</KeySize></RequestSecurityToken></SOAP-ENV:Body></SOAP-ENV:Envelope>
Example stacktrace:
java.lang.NullPointerException
at com.sun.xml.internal.bind.v2.util.QNameMap.hash(QNameMap.java:201)
at com.sun.xml.internal.bind.v2.util.QNameMap.getEntry(QNameMap.java:452
)
at com.sun.xml.internal.bind.v2.util.QNameMap.get(QNameMap.java:147)
[note: 2nd param(s1) = null]
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StructureLoader.sta
rtElement(StructureLoader.java:187)
[note: s1 = attributes.getLocalName(i); . .... = null]
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.ProxyLoader.startEl
ement(ProxyLoader.java:44)
at com.sun.xml.internal.bind.v2.runtime.ElementBeanInfoImpl$IntercepterL
oader.startElement(ElementBeanInfoImpl.java:226)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContex
t._startElement(UnmarshallingContext.java:470)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContex
t.startElement(UnmarshallingContext.java:448)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.InterningXmlVisitor
.startElement(InterningXmlVisitor.java:60)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.SAXConnector.startE
lement(SAXConnector.java:137)
at org.apache.cxf.staxutils.StaxSource.parse(StaxSource.java:138)
at org.apache.cxf.staxutils.StaxSource.parse(StaxSource.java:270)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.un
marshal0(UnmarshallerImpl.java:200)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.un
marshal(UnmarshallerImpl.java:173)
at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnm
arshallerImpl.java:120)
at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnm
arshallerImpl.java:103)
at org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.
convertToJAXBObject(SecurityTokenServiceProvider.java:255)
at org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.
invoke(SecurityTokenServiceProvider.java:182)
at org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.
invoke(SecurityTokenServiceProvider.java:64)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
