Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.2
-
None
-
Axis 1.2 and Rampart 1.2
Description
The class org.apache.ws.secpolicy.builders.UsernameTokenBuilder has an bug inside the build Method.
This method tries to receive the include attribute of the usernameToken defined in a WS-Policy:
OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
String inclusionValue = attribute.getAttributeValue();
The problem is, in WS-SecurityPolocy Specification [1], Chapter 6.3.1 defined, that this include token is optional!
A Policy with UsernameToken without the include attribute will raises a NullPointer Exception.
[1] http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf