[CXF-5011] Fix NPE in WSS4JInterceptor - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.6.7, 2.7.5
Component/s: WS-* Components
Labels:
- patch
Environment:

Problem occurs on all platforms

Estimated Complexity:
Moderate

Description

The tokens, when symmetric binding is used, are created with lifetime of 5 minutes. The callback handler code goes through all the tokens in the cache to get to the token id that matches the password callback's identifier field. If the token has expired, then cache implementation returns null and calling code does not have a check against null token and is causing NullPointerException (NPE).

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

wss4j_npe.patch
10/May/13 16:20
0.7 kB
Syed Abdul Wadood

Activity

People

Assignee:

Colm O hEigeartaigh

Reporter:

Syed Abdul Wadood

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

10/May/13 16:18

Updated:

14/Aug/13 15:50

Resolved:

10/May/13 17:05