[jira] [Created] (RAMPART-414) Rampart throws an NullPointerException if no fault mappings are defined for a service.

Bill Resnicow (JIRA) Fri, 30 May 2014 07:17:48 -0700

Bill Resnicow created RAMPART-414:
-------------------------------------

             Summary: Rampart throws an NullPointerException if no fault 
mappings are defined for a service.
                 Key: RAMPART-414
                 URL: https://issues.apache.org/jira/browse/RAMPART-414
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.6.0
         Environment: Linux, Rampart running with Axis2 1.6.0 under JBoss AS 7.2
            Reporter: Bill Resnicow



When Rampart cannot validate a timestamp in a wsse security header, (the 
timestamp is outside of the valid times) it should return a SoapFault for an 
invalid timestamp.   But a NPE is thrown resulting in an HTTP 404 returned 
instead.  This occurs if the web service operation has no fault mappings in the 
axis services.xml file.  The NPE is below:

05-29-2014 10:24:47,505 ERROR 
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/wintoe].[AxisServlet]]
 (http-/0.0.0.0:8080-5) JBWEB000236: Servlet.service() for servlet AxisServlet 
threw exception: java.lang.NullPointerException
        at 
org.apache.rampart.util.RampartUtil.getRampartConfigCallbackHandler(RampartUtil.java:218)
 [rampart-core-1.6.0.jar:1.6.0]
        at 
org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:278) 
[rampart-core-1.6.0.jar:1.6.0]
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61) 
[rampart-core-1.6.0.jar:1.6.0]
        at 
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) 
[rampart-core-1.6.0.jar:1.6.0]
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) 
[axis2-kernel-1.6.0.jar:1.6.0]
        at org.apache.axis2.engine.Phase.invoke(Phase.java:313) 
[axis2-kernel-1.6.0.jar:1.6.0]
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262) 
[axis2-kernel-1.6.0.jar:1.6.0]
        at org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:516) 
[axis2-kernel-1.6.0.jar:1.6.0]
        at 
org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433) 
[axis2-transport-http-1.6.0.jar:]
        at 
org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:398)
 [axis2-transport-http-1.6.0.jar:]
        at 
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:188) 
[axis2-transport-http-1.6.0.jar:]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) 
[jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) 
[jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]
        at sun.reflect.GeneratedMethodAccessor44.invoke(Unknown Source) 
[:1.7.0_51]
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 [rt.jar:1.7.0_51]
        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
        at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:280) 
[jbossweb-7.2.0.Final-LM-1.jar:7.2.0.Final]
        at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:278) 
[jbossweb-7.2.0.Final-LM-1.jar:7.2.0.Final]
        at java.security.AccessController.doPrivileged(Native Method) 
[rt.jar:1.7.0_51]
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:536) 
[rt.jar:1.7.0_51]

Here are examples of 2 WSDL operations.  This one results in the NPE when the 
timestamp in the security header is not valid:
<operation name="QueryAllTransformationRequest" 
mep="http://www.w3.org/ns/wsdl/in-out"; namespace="http://.../MediationService";>
        
<actionMapping>http://....../MediationService/QueryAllTransformationRequest</actionMapping>
        
<outputActionMapping>http://..../MediationService/MediationPortType/QueryAllTransformationRequestResponse</outputActionMapping>
</operation>

If we add a faultActionMapping to the services.xml file for that operation, 
then the NPE does not occur and the correct SoapFault is returned.

This operation does not throw the NPE:
<operation name="QuerySpecificTransformationRequest" 
mep="http://www.w3.org/ns/wsdl/in-out"; namespace="http://..../MediationService";>
        
<actionMapping>http://..../MediationService/QuerySpecificTransformationRequest</actionMapping>
        
<outputActionMapping>http://..../MediationService/MediationPortType/QuerySpecificTransformationRequestResponse</outputActionMapping>
        <faultActionMapping 
faultName="NoTransformationFoundFault">http://.../MediationService/MediationPortType/QuerySpecificTransformationRequest/Fault/NoTransformationFoundFault</faultActionMapping>
</operation>




--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (RAMPART-414) Rampart throws an NullPointerException if no fault mappings are defined for a service.

Reply via email to