Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5011

Fix NPE in WSS4JInterceptor

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.7, 2.7.5
    • Component/s: WS-* Components
    • Labels:
    • Environment:

      Problem occurs on all platforms

    • Estimated Complexity:
      Moderate

      Description

      The tokens, when symmetric binding is used, are created with lifetime of 5 minutes. The callback handler code goes through all the tokens in the cache to get to the token id that matches the password callback's identifier field. If the token has expired, then cache implementation returns null and calling code does not have a check against null token and is causing NullPointerException (NPE).

        Attachments

        1. wss4j_npe.patch
          0.7 kB
          Syed Abdul Wadood

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              sawadood Syed Abdul Wadood
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: