[
https://issues.apache.org/jira/browse/RAMPART-388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Lazarski updated RAMPART-388:
------------------------------------
Fix Version/s: 1.8.0
> NPE in RampartUtil#setKeyIdentifierType (line #1389) wss (web service
> security options assertion) is null.
> ----------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-388
> URL: https://issues.apache.org/jira/browse/RAMPART-388
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Reporter: Stefan Vladov
> Priority: Minor
> Fix For: 1.8.0
>
>
> When a security policy requires a token reference (instead of including the
> token directly) but there is no Wss10 or Wss11 assertion in the policy,
> Rampart throws a NPE in RampartUtil#setKeyIdentifierType (line #1389).
> Neither of the assertions is obligatory and all the configuration settings in
> those assertions are optional. Wss4j will by default usees Issuer+Serial
> reference identifier. As a workaround one could add an empty Wss10 or Wss11
> assertion in the policy but this is an inconvenience and is absolutely
> unnecessary.
> A simple null check will solve the problem.
> Thanks,
> Stefan
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
