NPE when no token delivered with SecurityPolicy?

Tue, 10 Aug 2010 06:17:49 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have a CXF SOAP service configured to require a SAML token. If I try
to access that service without a token, the server throws a NPE:

java.lang.NullPointerException
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenInInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:198)

The corresponding code line in IssuedTokenInterceptorProvider reads like
this:

 Vector results = (Vector)message.get(WSHandlerConstants.RECV_RESULTS);
 for (int i = 0; i < results.size(); i++) {
         WSHandlerResult rResult = (WSHandlerResult) results.get(i);
 [..]

Shouldn't this check for results being null like this:

 Vector results = null;
 if ((results = (Vector)message
                .get(WSHandlerConstants.RECV_RESULTS)) == null) {
        throw new RuntimeException("No security results!");
 }
 for (int i = 0; i < results.size(); i++) {
         WSHandlerResult rResult = (WSHandlerResult) results.get(i);

(maybe with something else than a RTE obviously)?

Maybe I have done something wrong in the server configuration, but the
execution never reaches my security callback to check the (even
non-existent) token but fails right at retrieving the RECV_RESULTS key
from the message context.

Any opinions?

Thanks,
Michael


- -- 
Dipl.-Technoinform Michael Kleinhenz

tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Geschäftsführer: Boris Esser, Elmar Geese
HRB AG Bonn 5168 - USt-ID (VAT): DE122264941

Heilsbachstraße 24, 53123 Bonn,   Telefon: +49 228 52675-0
Thiemanstraße 36a,  12059 Berlin, Telefon: +49 30 5682943-30
Internet: http://www.tarent.de/ • Telefax: +49 228 52675-25
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMYVFUAAoJEDXyhJ6Q5l/L4nAH/2tyPtpBzRUdv0ZDTXXm9qEb
AjswlLV/M9OGYk791xe8iWjtxNeWpZ5NIp2YKCepIfs40QLBqlVuKz/dGn+htiSD
WGFrGYs894Mxu0XtORYErWo0g9mowLeHhHiyuCDx6fADxn3lNnT/mjMAe6tt/uPx
FF9ectTeu/Bb1FJUtCJSZhbialRnk7R0gCUW6QhhHQTKtSXqmRb1z2y/SH4A7cuk
KEq/KKHofSSTN1b+WPS2qfRJgtAzjXpKhmV9qiozQRAVxXYcmbekeuoYhRRuv5/D
441sVvvnhE9dj1yGwZ9RnVPK6GlvKC+FUwkpYaUvBEwCoCm/6TH/D6VBJfXYQ1U=
=QVqE
-----END PGP SIGNATURE-----

Reply via email to