[jira] [Updated] (RAMPART-414) Rampart throws an NullPointerException if no fault mappings are defined for a service.

Andreas Veithen (JIRA) Mon, 06 Feb 2017 02:30:07 -0800

     [ 
https://issues.apache.org/jira/browse/RAMPART-414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andreas Veithen updated RAMPART-414:
------------------------------------
    Labels:   (was: NPE, SoapFa timestamp)

> Rampart throws an NullPointerException if no fault mappings are defined for a 
> service.
> --------------------------------------------------------------------------------------
>
>                 Key: RAMPART-414
>                 URL: https://issues.apache.org/jira/browse/RAMPART-414
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.6.0
>         Environment: Linux, Rampart running with Axis2 1.6.0 under JBoss AS 
> 7.2
>            Reporter: Bill Resnicow
>
> When Rampart cannot validate a timestamp in a wsse security header, (the 
> timestamp is outside of the valid times) it should return a SoapFault for an 
> invalid timestamp.   But a NPE is thrown resulting in an HTTP 404 returned 
> instead.  This occurs if the web service operation has no fault mappings in 
> the axis services.xml file.  The NPE is below:
> 05-29-2014 10:24:47,505 ERROR 
> [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/wintoe].[AxisServlet]]
>  (http-/0.0.0.0:8080-5) JBWEB000236: Servlet.service() for servlet 
> AxisServlet threw exception: java.lang.NullPointerException
>         at 
> org.apache.rampart.util.RampartUtil.getRampartConfigCallbackHandler(RampartUtil.java:218)
>  [rampart-core-1.6.0.jar:1.6.0]
>         at 
> org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:278) 
> [rampart-core-1.6.0.jar:1.6.0]
>         at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61) 
> [rampart-core-1.6.0.jar:1.6.0]
>         at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) 
> [rampart-core-1.6.0.jar:1.6.0]
>         at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) 
> [axis2-kernel-1.6.0.jar:1.6.0]
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:313) 
> [axis2-kernel-1.6.0.jar:1.6.0]
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262) 
> [axis2-kernel-1.6.0.jar:1.6.0]
>         at org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:516) 
> [axis2-kernel-1.6.0.jar:1.6.0]
>         at 
> org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433) 
> [axis2-transport-http-1.6.0.jar:]
>         at 
> org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:398)
>  [axis2-transport-http-1.6.0.jar:]
>         at 
> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:188) 
> [axis2-transport-http-1.6.0.jar:]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) 
> [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) 
> [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]
>         at sun.reflect.GeneratedMethodAccessor44.invoke(Unknown Source) 
> [:1.7.0_51]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  [rt.jar:1.7.0_51]
>         at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
>         at 
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:280) 
> [jbossweb-7.2.0.Final-LM-1.jar:7.2.0.Final]
>         at 
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:278) 
> [jbossweb-7.2.0.Final-LM-1.jar:7.2.0.Final]
>         at java.security.AccessController.doPrivileged(Native Method) 
> [rt.jar:1.7.0_51]
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:536) 
> [rt.jar:1.7.0_51]
> Here are examples of 2 WSDL operations.  This one results in the NPE when the 
> timestamp in the security header is not valid:
> <operation name="QueryAllTransformationRequest" 
> mep="http://www.w3.org/ns/wsdl/in-out"; 
> namespace="http://.../MediationService";>
>       
> <actionMapping>http://....../MediationService/QueryAllTransformationRequest</actionMapping>
>       
> <outputActionMapping>http://..../MediationService/MediationPortType/QueryAllTransformationRequestResponse</outputActionMapping>
> </operation>
> If we add a faultActionMapping to the services.xml file for that operation, 
> then the NPE does not occur and the correct SoapFault is returned.
> This operation does not throw the NPE:
> <operation name="QuerySpecificTransformationRequest" 
> mep="http://www.w3.org/ns/wsdl/in-out"; 
> namespace="http://..../MediationService";>
>       
> <actionMapping>http://..../MediationService/QuerySpecificTransformationRequest</actionMapping>
>       
> <outputActionMapping>http://..../MediationService/MediationPortType/QuerySpecificTransformationRequestResponse</outputActionMapping>
>       <faultActionMapping 
> faultName="NoTransformationFoundFault">http://.../MediationService/MediationPortType/QuerySpecificTransformationRequest/Fault/NoTransformationFoundFault</faultActionMapping>
> </operation>



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (RAMPART-414) Rampart throws an NullPointerException if no fault mappings are defined for a service.

Reply via email to