cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ravi Luthra (JIRA)" <j...@apache.org>
Subject [jira] Created: (CXF-2899) NPE in WSS4J due to null Cryptos when using ws-security.*.crypto instead of ws-security.*.properties
Date Thu, 15 Jul 2010 20:06:49 GMT
NPE in WSS4J due to null Cryptos when using ws-security.*.crypto instead of ws-security.*.properties
----------------------------------------------------------------------------------------------------

                 Key: CXF-2899
                 URL: https://issues.apache.org/jira/browse/CXF-2899
             Project: CXF
          Issue Type: Bug
          Components: Documentation
    Affects Versions: 2.2.9
         Environment: All apply, but this was discovered on 64bit Ubuntu
            Reporter: Ravi Luthra


Null pointer exception in the given stack trace (see below). Turns out the Crypto objects
are null which is caused by a documentation issue on this page:
http://cxf.apache.org/docs/ws-securitypolicy.html

I originally implemented my properties at runtime (using Java code directly) by setting up
the Crypto object directly (using the Merlin class) and used the properties on the above mentioned
URL: ws-security.signature.crypto and ws-security.encryption.crypto. These properties work
until the stack reaches into the WSS4J boundary. The fix was to use the properties ws-security.signature.properties
and ws-security.encryption.properties as these are the ones considered during the hand-off
to WSS4J, not the ws-security.*.crypto properties. The stack trace went away when I used the
other properties.

java.lang.NullPointerException
	at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:92)
	at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:105)
	at org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:81)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:208)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:110)
	at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:98)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:423)
... Unrelated portion of stack


The fix I am asking for is a fix in the documentation next to the .crypto properties.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message