Hi Gina, cross-posting between dev and user is almost never necessary; everybody in the former group is in the latter.

Unless you get a response from someone else in the interim I would submit a JIRA ticket regarding this item, preferably with an easily reproducible test case (feel free to attach/modify my CXF STS tutorial source code to the JIRA directly if it would help) that NPEs due to the bug and doesn't NPE once fixed *or* a patch that clarifies what you're looking for.

As you say, it may not just be an issue of checking for the NPE but a logical inconsistency in the code that needs to get resolved, where a security token is optional but nonetheless there is subsequent code acting on that (nonexistent) security token.

Regards,
Glen

On 06/01/2012 07:29 PM, Gina Choi wrote:
I debugged my client to check the following error messages that I am receiving when I run the client. I found the cause of the NPE. In org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.java, we have the doIssuedTokenSignature(Token token, SignedEncryptedParts signdParts, TokenWrapper wrapper) method.

In line 403, getSecurityToken() is allowed to return null, and in my case the value of secTok is null.

SecurityToken secTok = getSecurityToken();



    protected SecurityToken getSecurityToken() {
        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
        if (st == null) {
            String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
            if (id != null) {
                st = getTokenStore().getToken(id);
            }
        }
        if (st != null) {
            getTokenStore().add(st);
            return st;
        }
        return null;
    }



The following is the content from line 424 to 441.
In line 429, secTok.getX509Certificate() is called without checking whether the value of secTok is null or not. This throws an NPE in my case. The condition should be checked. On the other hand, I might need to find a way to avoid having a null value for SecurityToken.

        if (signdParts != null) {
            if (signdParts.isBody()) {
                WSEncryptionPart bodyPart = convertToEncryptionPart(SAAJUtils.getBody(saaj));
                sigParts.add(bodyPart);
            }
429:            if (secTok.getX509Certificate() != null) {
                //the "getX509Certificate" this is to workaround an issue in WCF
                //In WCF, for TransportBinding, in most cases, it doesn't want any of
                //the headers signed even if the policy says so. HOWEVER, for KeyValue
                //IssuedTokens, it DOES want them signed
                for (Header header : signdParts.getHeaders()) {
                    WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
                            header.getNamespace(),
                            "Content");
                    sigParts.add(wep);
                }
            }
        }





[INFO] --- exec-maven-plugin:1.2.1:exec (default-cli) @ cxf-sts-tutorial-client ---
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code, not set
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Caused by: java.lang.NullPointerException
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doIssuedTokenSignature(TransportBindingHandler.java:429)
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:283)
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:240)
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:147)
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:159)
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:722)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 3 more


Thanks.

Gina


--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza
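
A minimal reproduction of the pattern discussed in this thread, added here as an illustration; it is not CXF source code and not a patch from either poster. The types, accessor names and the tokenRequired switch are hypothetical stand-ins for the classes quoted above.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration (Java 16+). All types here are hypothetical stand-ins
// for the CXF/WSS4J classes named in the thread, not the real ones.
public class IssuedTokenNullGuardDemo {
    record SecurityToken(Object x509Certificate) {}
    record Header(String name) {}
    record SignedParts(boolean body, List<Header> headers) {}

    // Same shape as the quoted lines 424-441: secTok is dereferenced unconditionally.
    static List<String> collectUnguarded(SecurityToken secTok, SignedParts parts) {
        List<String> sigParts = new ArrayList<>();
        if (parts != null) {
            if (parts.body()) sigParts.add("Body");
            if (secTok.x509Certificate() != null) {   // NPE when secTok is null
                for (Header h : parts.headers()) sigParts.add(h.name());
            }
        }
        return sigParts;
    }

    // Makes the "token is optional" decision explicit. tokenRequired is an assumed
    // switch: true fails with a clear message, false signs the body only.
    static List<String> collectGuarded(SecurityToken secTok, SignedParts parts,
                                       boolean tokenRequired) {
        if (secTok == null && tokenRequired) {
            throw new IllegalStateException("no issued SecurityToken available to sign with");
        }
        List<String> sigParts = new ArrayList<>();
        if (parts != null) {
            if (parts.body()) sigParts.add("Body");
            if (secTok != null && secTok.x509Certificate() != null) {
                for (Header h : parts.headers()) sigParts.add(h.name());
            }
        }
        return sigParts;
    }

    public static void main(String[] args) {
        SignedParts parts = new SignedParts(true, List.of(new Header("To"))); // constructed input
        System.out.println(collectGuarded(new SecurityToken(new Object()), parts, true));
        System.out.println(collectGuarded(null, parts, false));
        try {
            collectUnguarded(null, parts);
        } catch (NullPointerException e) {
            System.out.println("unguarded: NullPointerException");
        }
    }
}
```

The two guarded outcomes differ in what ends up signed: skipping the header loop leaves headers unsigned that the policy listed, while failing early replaces the bare NPE with a diagnosable error.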
