[CXF-8139] SecurityToken, parsing the lifetime may cause a NullPointerException - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.6
Fix Version/s: 3.3.5, 3.2.12, 3.4.0
Component/s: STS
Labels:
None

Estimated Complexity:
Unknown

Description

According to http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html the wsu:Created and wsu:Expires are optional elements in /wst:RequestSecurityToken/wst:Lifetime.

When creating the org.apache.cxf.ws.security.tokenstore.SecurityToken using a lifetime Element where not both (created and expired) elements are set, a NullPointerException is thrown as there is no null-check on the child elements of the lifetime element.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Daniel Baumann

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 28/Oct/19 13:43

Updated:: 15/Jan/20 10:23

Resolved:: 31/Oct/19 15:08