UsernameToken Builder Bug.
--------------------------
Key: RAMPART-52
URL: https://issues.apache.org/jira/browse/RAMPART-52
Project: Rampart
Issue Type: Bug
Components: rampart-policy
Affects Versions: 1.2
Environment: Axis 1.2 and Rampart 1.2
Reporter: Jochen Zink
The class org.apache.ws.secpolicy.builders.UsernameTokenBuilder has an bug
inside the build Method.
This method tries to receive the include attribute of the usernameToken defined
in a WS-Policy:
OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
String inclusionValue = attribute.getAttributeValue();
The problem is, in WS-SecurityPolocy Specification [1], Chapter 6.3.1 defined,
that this include token is optional!
A Policy with UsernameToken without the include attribute will raises a
NullPointer Exception.
[1] http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
