[
https://issues.apache.org/jira/browse/RAMPART-290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
S.Uthaiyashankar reassigned RAMPART-290:
----------------------------------------
Assignee: S.Uthaiyashankar (was: Ruchith Udayanga Fernando)
> NullPointerException in RampartEngine.isSecurityFault if the incoming fault
> message contains an invalid fault code element
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-290
> URL: https://issues.apache.org/jira/browse/RAMPART-290
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.5
> Reporter: Dave Bryant
> Assignee: S.Uthaiyashankar
> Fix For: NextVersion
>
>
> Rampart evaluates incoming fault messages to see if they appear to be
> security faults, so that it knows if it should apply the security policy to
> them. Currently this causes a NullPointerException if the SOAP fault either
> doesn't contain a fault code, or contains a fault code that AXIOM fails to
> parse correctly.
> For example, the following message qualifies the faultcode element with the
> soap namespace. This is not expected by AXIOM so it returns null when the
> fault code is requested:
> {code:xml}
> <?xml version="1.0"?>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> <soap:Header/>
> <soap:Body>
> <soap:Fault>
> <soap:faultcode>Client</soap:faultcode>
> <soap:faultstring>Error Handling Incoming
> Document</soap:faultstring>
>
> <soap:faultactor>http://127.0.0.1:8080/web/SOAP/ITKIntegrationHandler.pws</soap:faultactor>
> <soap:detail>
> <ToolkitErrorInfo
> xmlns="http://www.nhs.cfh.org/interoperability.toolkit/ToolkitUtilities/1.0">
>
> <ErrorID>D1DFCE50-3749-11DF-A3A6-001111077E2C</ErrorID>
> <ErrorCode
> codeSystem="2.16.840.1.113883.2.1.3.2.4.17.999" displayName="Error Handling
> Incoming Document">999</ErrorCode>
> <ErrorText>Processing is already
> underway for a document with this ID (EB876DA7-19A0-40E4-9D01-866958D13653).
> On the fly document version changes are not yet supported</ErrorText>
> <ErrorDiagnosticText>9a.lang.Exception
> </ErrorDiagnosticText>
> </ToolkitErrorInfo>
> </soap:detail>
> </soap:Fault>
> </soap:Body>
> </soap:Envelope>
> {code}
> The null pointer exception then occurs in RampartEngine.isSecurityFault():
> {code}
> ...
> Caused by: java.lang.NullPointerException
> at org.apache.rampart.RampartEngine.isSecurityFault(RampartEngine.java:294)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:85)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
> at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> ...
> {code}
> I'm still investigating whether the failure to parse the fault code element
> is a bug in AXIOM or not, but in any case Rampart should not cause a null
> pointer exception if the fault code is not available.
> The following patch fixes the problem:
> {code}
> Index: src/main/java/org/apache/rampart/RampartEngine.java
> ===================================================================
> --- src/main/java/org/apache/rampart/RampartEngine.java (revision 62317)
> +++ src/main/java/org/apache/rampart/RampartEngine.java (working copy)
> @@ -291,17 +291,19 @@
> SOAPFaultCode faultCode = soapFault.getCode();
>
> // This is a fault processing the security header
> - if
> (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
> - return true;
> - }
> + if (faultCode != null &&
> faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
> + return true;
> + }
>
>
> } else if
> (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
>
> //TODO AXIOM API returns only one fault sub code, there can be
> many
> - SOAPFaultSubCode faultSubCode =
> soapFault.getCode().getSubCode();
> -
> - if (faultSubCode != null) {
> + final SOAPFaultCode faultCode = soapFault.getCode();
> + if (faultCode != null) {
> + SOAPFaultSubCode faultSubCode = faultCode.getSubCode();
> +
> + if (faultSubCode != null) {
> SOAPFaultValue faultSubCodeValue =
> faultSubCode.getValue();
>
> // This is a fault processing the security header
> @@ -309,8 +311,8 @@
>
> faultSubCodeValue.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS))
> {
> return true;
> }
> - }
> -
> + }
> + }
> }
>
> return false;
> {code}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]