ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-560) NullPointerException in WSSecEncrypt when encrypted header element has attributes
Date Wed, 04 Nov 2015 15:36:27 GMT

    [ https://issues.apache.org/jira/browse/WSS-560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14989731#comment-14989731
] 

Colm O hEigeartaigh commented on WSS-560:
-----------------------------------------

I'll normally cut a WSS4J release before the next CXF release - as long as there are enough
changes in WSS4J to warrant a release. I guess you can just monitor the CXF list and ask then
if a WSS4J release is going to be done when the next CXF release is almost ready.

Colm.

> NullPointerException in WSSecEncrypt when encrypted header element has attributes
> ---------------------------------------------------------------------------------
>
>                 Key: WSS-560
>                 URL: https://issues.apache.org/jira/browse/WSS-560
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Handlers
>    Affects Versions: 2.0.6, 2.1.4
>            Reporter: Ross M. Lodge
>            Assignee: Colm O hEigeartaigh
>            Priority: Critical
>             Fix For: 2.0.7, 2.1.5, 2.2.0
>
>         Attachments: WSS-560-2.0.6.patch, WSS-560-2.1.4.patch, WSS-560-Test-2.0.6.patch,
WSS-560-Test-2.1.4.patch
>
>
> If any header to be encrypted has an attribute that doesn't have an explicit namespace
(which would include any unqualified attributes, which for me is almost all of them), WSSecEncrypt
throws an NPE:
> {code:title=Exception|borderStyle=solid}
> org.apache.wss4j.common.ext.WSSecurityException: null
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.createEncryptedHeaderElement(WSSecEncrypt.java:711)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.encryptElement(WSSecEncrypt.java:667)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:417)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.encryptForRef(WSSecEncrypt.java:255)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.encrypt(WSSecEncrypt.java:221)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:199)
> 	at org.apache.wss4j.dom.message.EncryptionPartsTest.testSOAPEncryptedHeaderWithAttributes(EncryptionPartsTest.java:321)
> {code}
> This is because Node.getNamespaceURI() returns null, and the code checks with:
> {code:title=WSSecEncrypt.java Excerpt|borderStyle=solid}
>             if (attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
>                 || attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV)) {     
                   
> {code}
> Solution is to switch the equals condition:
> {code:title=WSSecEncrypt.java Fix|borderStyle=solid}
>             if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
>                 || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
> {code}
> I'm adding four patches:
> - a test for code vs. version 2.0.6
> - code fix vs. version 2.0.6
> - a test for code vs. version 2.1.4
> - a code fix vs. version 2.1.4



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message