[
https://issues.apache.org/jira/browse/RAMPART-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510607
]
Jochen Zink commented on RAMPART-52:
------------------------------------
Thanks a lot!
> UsernameToken Builder Bug.
> --------------------------
>
> Key: RAMPART-52
> URL: https://issues.apache.org/jira/browse/RAMPART-52
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Axis 1.2 and Rampart 1.2
> Reporter: Jochen Zink
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.3
>
>
> The class org.apache.ws.secpolicy.builders.UsernameTokenBuilder has an bug
> inside the build Method.
> This method tries to receive the include attribute of the usernameToken
> defined in a WS-Policy:
> OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
> String inclusionValue = attribute.getAttributeValue();
> The problem is, in WS-SecurityPolocy Specification [1], Chapter 6.3.1
> defined, that this include token is optional!
> A Policy with UsernameToken without the include attribute will raises a
> NullPointer Exception.
> [1] http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
