[ https://issues.apache.org/jira/browse/CXF-4357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13288817#comment-13288817 ]
Gina Choi commented on CXF-4357:
--------------------------------
I debugged my client to check the following error messages that I am receiving
when I run the client. I found the cause of the NPE. In
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.java,
we have the doIssuedTokenSignature(Token token, SignedEncryptedParts
signdParts, TokenWrapper wrapper) method.
In line 403, getSecurityToken() is allowed to return null, and in my case
the value of secTok is null.

    SecurityToken secTok = getSecurityToken();

    protected SecurityToken getSecurityToken() {
        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
        if (st == null) {
            String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
            if (id != null) {
                st = getTokenStore().getToken(id);
            }
        }
        if (st != null) {
            getTokenStore().add(st);
            return st;
        }
        return null;
    }

The following is the content from line 424 to 441.
In line 429, secTok.getX509Certificate() is called without checking whether
the value of secTok is null or not. This throws an NPE in my case. The
condition should be checked. On the other hand, I might need to find a way to
avoid having a null value for SecurityToken.

         if (signdParts != null) {
             if (signdParts.isBody()) {
                 WSEncryptionPart bodyPart = convertToEncryptionPart(SAAJUtils.getBody(saaj));
                 sigParts.add(bodyPart);
             }
    429:     if (secTok.getX509Certificate() != null) {
                 //the "getX509Certificate" this is to workaround an issue in WCF
                 //In WCF, for TransportBinding, in most cases, it doesn't want any of
                 //the headers signed even if the policy says so. HOWEVER, for KeyValue
                 //IssuedTokens, it DOES want them signed
                 for (Header header : signdParts.getHeaders()) {
                     WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
                                                                 header.getNamespace(),
                                                                 "Content");
                     sigParts.add(wep);
                 }
             }
         }

> NullPointerException
> --------------------
>
> Key: CXF-4357
> URL: https://issues.apache.org/jira/browse/CXF-4357
> Project: CXF
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.6
> Environment: Tomcat7.0.27, Apache CXF2.6.0, ADFS2.0 as STS
> Reporter: Gina Choi
> Priority: Critical
> Attachments: DoubleIt.wsdl, adfs_new_simple.wsdl, cxf.xml
>
>
> I have a WSP, WSC and STS (ADFS2.0) environment.
> 1. WSP:
> Use SymmetricBinding and ProtectionToken is IssuedToken
> 2. STS: ADFS2.0
> use TransportBinding and client authentication is done via UT
> When I run the client, I am getting the following NPE. For details, please reference
> the CXF-USER thread
> http://cxf.547215.n5.nabble.com/Proglem-with-loading-Apache-CXF-STS-with-UT-authentication-td5708523.html.
> If you need further information please reach me at [email protected]
> Caused by: java.lang.NullPointerException
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doIssuedTokenSignature(TransportBindingHandler.java:429)
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:283)
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:240)
>     at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:147)
>     at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:159)
>     at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:722)
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
>     at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
>     at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
>     at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
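
The null guard discussed in the comment above, as an added example (not CXF code and not the fix committed for CXF-4357): stand-in classes model only what the quoted snippet touches, and a missing token is rejected with a descriptive error instead of being dereferenced. `MissingTokenException`, `partsToSign` and the sample header names are hypothetical.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class IssuedTokenGuardExample {
    // Hypothetical stand-in for the token type; models only getX509Certificate().
    static class SecurityToken {
        private final X509Certificate cert;
        SecurityToken(X509Certificate cert) { this.cert = cert; }
        X509Certificate getX509Certificate() { return cert; }
    }

    // Hypothetical exception type used to report the missing token.
    static class MissingTokenException extends RuntimeException {
        MissingTokenException(String msg) { super(msg); }
    }

    // Same shape as the block around line 429: the body is added when the policy
    // asks for it, headers only when the token carries an X.509 certificate.
    static List<String> partsToSign(SecurityToken secTok, boolean signBody,
                                    List<String> headers) {
        if (secTok == null) {
            // Fail closed: name the missing input instead of dereferencing null
            // or quietly building a message without the issued-token signature.
            throw new MissingTokenException(
                "No SecurityToken found via TOKEN or TOKEN_ID; cannot sign");
        }
        List<String> sigParts = new ArrayList<>();
        if (signBody) {
            sigParts.add("Body");
        }
        if (secTok.getX509Certificate() != null) {
            sigParts.addAll(headers);
        }
        return sigParts;
    }

    public static void main(String[] args) {
        List<String> headers = Arrays.asList("To", "Action"); // constructed sample
        // Token without a certificate: only the body is selected for signing.
        System.out.println(partsToSign(new SecurityToken(null), true, headers));
        try {
            partsToSign(null, true, headers); // the case reported in this issue
        } catch (MissingTokenException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```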