Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5011

Fix NPE in WSS4JInterceptor

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • None
    • 2.6.7, 2.7.5
    • WS-* Components
    • Problem occurs on all platforms

    • Moderate

    Description

      The tokens, when symmetric binding is used, are created with lifetime of 5 minutes. The callback handler code goes through all the tokens in the cache to get to the token id that matches the password callback's identifier field. If the token has expired, then cache implementation returns null and calling code does not have a check against null token and is causing NullPointerException (NPE).

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            coheigea Colm O hEigeartaigh
            sawadood Syed Abdul Wadood
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment