Uploaded image for project: 'Rampart'
  1. Rampart
  2. RAMPART-414

Rampart throws an NullPointerException if no fault mappings are defined for a service.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.6.0
    • Fix Version/s: None
    • Component/s: rampart-core
    • Labels:
      None
    • Environment:
      Linux, Rampart running with Axis2 1.6.0 under JBoss AS 7.2

      Description

      When Rampart cannot validate a timestamp in a wsse security header, (the timestamp is outside of the valid times) it should return a SoapFault for an invalid timestamp. But a NPE is thrown resulting in an HTTP 404 returned instead. This occurs if the web service operation has no fault mappings in the axis services.xml file. The NPE is below:

      05-29-2014 10:24:47,505 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/wintoe].[AxisServlet]] (http-/0.0.0.0:8080-5) JBWEB000236: Servlet.service() for servlet AxisServlet threw exception: java.lang.NullPointerException
      at org.apache.rampart.util.RampartUtil.getRampartConfigCallbackHandler(RampartUtil.java:218) [rampart-core-1.6.0.jar:1.6.0]
      at org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:278) [rampart-core-1.6.0.jar:1.6.0]
      at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61) [rampart-core-1.6.0.jar:1.6.0]
      at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) [rampart-core-1.6.0.jar:1.6.0]
      at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) [axis2-kernel-1.6.0.jar:1.6.0]
      at org.apache.axis2.engine.Phase.invoke(Phase.java:313) [axis2-kernel-1.6.0.jar:1.6.0]
      at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262) [axis2-kernel-1.6.0.jar:1.6.0]
      at org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:516) [axis2-kernel-1.6.0.jar:1.6.0]
      at org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433) [axis2-transport-http-1.6.0.jar:]
      at org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:398) [axis2-transport-http-1.6.0.jar:]
      at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:188) [axis2-transport-http-1.6.0.jar:]
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]
      at sun.reflect.GeneratedMethodAccessor44.invoke(Unknown Source) [:1.7.0_51]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51]
      at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
      at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:280) [jbossweb-7.2.0.Final-LM-1.jar:7.2.0.Final]
      at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:278) [jbossweb-7.2.0.Final-LM-1.jar:7.2.0.Final]
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_51]
      at javax.security.auth.Subject.doAsPrivileged(Subject.java:536) [rt.jar:1.7.0_51]

      Here are examples of 2 WSDL operations. This one results in the NPE when the timestamp in the security header is not valid:
      <operation name="QueryAllTransformationRequest" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://.../MediationService">
      <actionMapping>http://....../MediationService/QueryAllTransformationRequest</actionMapping>
      <outputActionMapping>http://..../MediationService/MediationPortType/QueryAllTransformationRequestResponse</outputActionMapping>
      </operation>

      If we add a faultActionMapping to the services.xml file for that operation, then the NPE does not occur and the correct SoapFault is returned.

      This operation does not throw the NPE:
      <operation name="QuerySpecificTransformationRequest" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://..../MediationService">
      <actionMapping>http://..../MediationService/QuerySpecificTransformationRequest</actionMapping>
      <outputActionMapping>http://..../MediationService/MediationPortType/QuerySpecificTransformationRequestResponse</outputActionMapping>
      <faultActionMapping faultName="NoTransformationFoundFault">http://.../MediationService/MediationPortType/QuerySpecificTransformationRequest/Fault/NoTransformationFoundFault</faultActionMapping>
      </operation>

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bresnicow Bill Resnicow
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: