[
https://issues.apache.org/jira/browse/RAMPART-388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Vladov updated RAMPART-388:
----------------------------------
Description:
When a security policy requires a token reference (instead of including the
token directly) but there is no Wss10 or Wss11 assertion in the policy, Rampart
throws a NPE in RampartUtil#setKeyIdentifierType (line #1389).
Neither of the assertions is obligatory and all the configuration settings in
those assertions are optional. Wss4j will by default usees Issuer+Serial
reference identifier. As a workaround one could add an empty Wss10 or Wss11
assertion in the policy but this is an inconvenience and is absolutely
unnecessary.
A simple null check will solve the problem.
Thanks,
Stefan
was:
When a security policy requires a token reference (instead of including the
token directly) but there is no Wss10 or Wss11 assertion in the policy, Rampart
throws a NPE in RampartUtil#setKeyIdentifierType (line #1389).
Neither of the assertions is obligatory and all the configuration settings in
those assertions are optional. Wss4j will by default use Issuer+Serial
reference identifier. As a workaround One could add an empty Wss10 or Wss11
assertion in the policy but this is an inconvenience and is absolutely
unnecessary.
A simple null check will solve the problem.
Thanks,
Stefan
> NPE in RampartUtil#setKeyIdentifierType (line #1389) wss (web service
> security options assertion) is null.
> ----------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-388
> URL: https://issues.apache.org/jira/browse/RAMPART-388
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Reporter: Stefan Vladov
> Priority: Minor
>
> When a security policy requires a token reference (instead of including the
> token directly) but there is no Wss10 or Wss11 assertion in the policy,
> Rampart throws a NPE in RampartUtil#setKeyIdentifierType (line #1389).
> Neither of the assertions is obligatory and all the configuration settings in
> those assertions are optional. Wss4j will by default usees Issuer+Serial
> reference identifier. As a workaround one could add an empty Wss10 or Wss11
> assertion in the policy but this is an inconvenience and is absolutely
> unnecessary.
> A simple null check will solve the problem.
> Thanks,
> Stefan
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
