Colm - Thanx for the explanation, now it all makes sense. I'll keep an eye out for 2.7.13 then and see what I can do for a workaround in the meantime.
Thanx again, Stephen W. Chappell -----Original Message----- From: Colm O hEigeartaigh [mailto:[email protected]] Sent: Thursday, July 17, 2014 6:01 AM To: [email protected] Subject: Re: NullPointer in ...sts.event.map.EventMapper Hi Stephen, This NPE is due to the fact that we don't validate "ActAs" tokens using a TokenValidator instance in the STS, only "OnBehalfOf" tokens (+ hence no principal is created for the token, causing the NPE). Unfortunately this fix is too late for the current release votes, and so it'll be fixed in the next set of releases: https://issues.apache.org/jira/browse/CXF-5885 Colm. On Wed, Jul 16, 2014 at 8:15 PM, <[email protected]> wrote: > Oops, sorry about the mangled source line in my original message. This > is the line the exception is referencing... > > map.put(KEYS.ONBEHALFOF_PRINCIPAL.name(), > params.getTokenRequirements().getActAs().getPrincipal().getName()); > > Stephen W. Chappell > > > -----Original Message----- > From: Chappell, Stephen CTR (FAA) > Sent: Wednesday, July 16, 2014 3:06 PM > To: [email protected] > Subject: NullPointer in ...sts.event.map.EventMapper > > I recently enabled audit logging in my STS (based on 2.7.12-SNAPSHOT), > by configuring eventListener in my TokenIssueOperation with an > org.apache.cxf.sts.event.map.EventMapper object. This works great in > most cases. But when my incoming RST contains an ActAs element, I get > a > NullPointerException: > > java.lang.NullPointerException > at > org.apache.cxf.sts.event.map.EventMapper.handleEvent(EventMapper.java:106) > at > org.apache.cxf.sts.event.map.EventMapper.handleSTSEvent(EventMapper.java:70) > at > org.apache.cxf.sts.operation.AbstractOperation.publishEvent(AbstractOperation.java:729) > at > org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:233) > at > org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOpera > tion.java:83) > ... > > If I de-configure eventListener in my TokenIssueOperation I have no > issues. Looking over the handleEvent method, it looks like it is > referencing this line: > > > map.put< > http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk > /6-b27/java/util/Map.java#Map.put%28java.lang.String%2Cjava.lang.Objec > t%29 > >(KEYS< > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.service > s.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/event/map/KEYS.j > ava#KEYS.0ACTAS_PRINCIPAL > >.ACTAS_PRINCIPAL< > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.service > s.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/event/map/KEYS.j > ava#KEYS.0ACTAS_PRINCIPAL > >.name< > http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk > /6-b27/java/lang/Enum.java#Enum.name%28%29>(), > params.getTokenRequirements< > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.service > s.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/token/provider/T > okenProviderParameters.java#TokenProviderParameters.getTokenRequiremen > ts%28%29 > >().getActAs< > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.service > s.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/request/TokenReq > uirements.java#TokenRequirements.getActAs%28%29 > >().getPrincipal< > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.service > s.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/request/Received > Token.java#ReceivedToken.getPrincipal%28%29 > >().getName< > http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk > /6-b27/java/security/Principal.java#Principal.getName%28%29 > >()); > > I haven't had a chance to track it much further than this, but it > looks like the event handler is either prematurely accessing the ActAs > token, or the ActAs token was read in and not parseable. The ActAs > element, in my case, contains a SAML 2 assertion previously issued by > this STS, so it should certainly be parseable, and in fact when I > disable audit logging everything works fine and completes normally. > I've been away for a few weeks, but my recollection is that this all worked > fine three weeks ago. > Has something changed in the snapshot? Any help or insight would be > appreciated, thanx! > > > Stephen W. Chappell > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
