Uploaded image for project: 'Rampart'
  1. Rampart
  2. RAMPART-388

NPE in RampartUtil#setKeyIdentifierType (line #1389) wss (web service security options assertion) is null.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.6.2
    • Fix Version/s: None
    • Component/s: rampart-core
    • Labels:
      None

      Description

      When a security policy requires a token reference (instead of including the token directly) but there is no Wss10 or Wss11 assertion in the policy, Rampart throws a NPE in RampartUtil#setKeyIdentifierType (line #1389).
      Neither of the assertions is obligatory and all the configuration settings in those assertions are optional. Wss4j will by default usees Issuer+Serial reference identifier. As a workaround one could add an empty Wss10 or Wss11 assertion in the policy but this is an inconvenience and is absolutely unnecessary.

      A simple null check will solve the problem.

      Thanks,
      Stefan

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              chefo Stefan Vladov
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: