Uploaded image for project: 'Rampart'
  1. Rampart
  2. RAMPART-52

UsernameToken Builder Bug.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.2
    • 1.3
    • rampart-policy
    • None
    • Axis 1.2 and Rampart 1.2

    Description

      The class org.apache.ws.secpolicy.builders.UsernameTokenBuilder has an bug inside the build Method.

      This method tries to receive the include attribute of the usernameToken defined in a WS-Policy:

      OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
      String inclusionValue = attribute.getAttributeValue();

      The problem is, in WS-SecurityPolocy Specification [1], Chapter 6.3.1 defined, that this include token is optional!

      A Policy with UsernameToken without the include attribute will raises a NullPointer Exception.

      [1] http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf

      Attachments

        Activity

          People

            ruchith Ruchith B. Gunaratne
            stormer Jochen Zink
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: