cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gina Choi <ginacho...@gmail.com>
Subject Re: Proglem with loading Apache CXF STS with UT authentication
Date Fri, 01 Jun 2012 23:29:40 GMT
I debugged my client to check following error messages that I am receiving
when I run client. I found cause for NPE. In
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.java,
we have  doIssuedTokenSignature( Token token, SignedEncryptedParts
signdParts, TokenWrapper wrapper) method.

In line 403, getSecurityToken() is allowed to return null and in my case
value of secTok is null.

SecurityToken secTok = getSecurityToken();



    protected SecurityToken getSecurityToken() {
        SecurityToken st =
(SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
        if (st == null) {
            String id =
(String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
            if (id != null) {
                st = getTokenStore().getToken(id);
            }
        }
        if (st != null) {
            getTokenStore().add(st);
            return st;
        }
        return null;
    }



Following is content from  line 424 to 441.
in line 429, secTok.getX509Certificate() is called without checking value
of secTok is null or not. This throws NPE in my case. Condition should be
checked. On the other hand, I might need to find way to avoid having null
value for SecurityToken .

        if (signdParts != null) {
            if (signdParts.isBody()) {
                WSEncryptionPart bodyPart =
convertToEncryptionPart(SAAJUtils.getBody(saaj));
                sigParts.add(bodyPart);
            }
429:            if (secTok.getX509Certificate() != null) {
                //the "getX509Certificate" this is to workaround an issue
in WCF
                //In WCF, for TransportBinding, in most cases, it doesn't
want any of
                //the headers signed even if the policy says so.   HOWEVER,
for KeyValue
                //IssuedTokens, it DOES want them signed
                for (Header header : signdParts.getHeaders()) {
                    WSEncryptionPart wep = new
WSEncryptionPart(header.getName(),
                            header.getNamespace(),
                            "Content");
                    sigParts.add(wep);
                }
            }
        }





[INFO] --- exec-maven-plugin:1.2.1:exec (default-cli) @
cxf-sts-tutorial-client ---
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Fault
string, and possibly fault code, not set
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Caused by: java.lang.NullPointerException
        at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doIssuedTokenSignature(TransportBindingHandler.java:429)
        at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:283)
        at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:240)
        at
org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:147)
        at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:159)
        at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:722)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 3 more


Thanks.

Gina

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message