Uploaded image for project: 'Rampart'
  1. Rampart
  2. RAMPART-139

SignatureToken doesn't work for Symetricbinding

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.3
    • 1.4
    • rampart-policy
    • None
    • Apacha Rampart client implementation
      Running on windows XP

    Description

      When invoking a ws-secured webservice with a policy that only includes a SignatureToken (no EncryptionToken) a nullpointerException is raised in RampartPolicyBuilder.java:288.
      the reason that this happens is that the policybuilder tries to load an encryption key while there is none provided.

      Here's the snippet from the original policy.xml:
      <sp:SignatureToken>
      <wsp:Policy>
      <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
      <wsp:Policy>
      <sp:RequireDerivedKeys/>
      <sp:RequireThumbprintReference/>
      <sp:WssX509V3Token10/>
      </wsp:Policy>
      </sp:X509Token>
      </wsp:Policy>
      </sp:SignatureToken>

      Than there is the error:
      Exception in thread "main" java.lang.NullPointerException
      at org.apache.rampart.policy.RampartPolicyBuilder.symmetricBinding(RampartPolicyBuilder.java:288)
      at org.apache.rampart.policy.RampartPolicyBuilder.processSymmetricPolicyBinding(RampartPolicyBuilder.java:158)
      at org.apache.rampart.policy.RampartPolicyBuilder.build(RampartPolicyBuilder.java:77)
      at org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:206)
      at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:58)
      at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
      at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
      at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
      at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:377)
      at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:374)
      at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
      at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
      ....
      and finally the code where all goes wrong:
      private static void symmetricBinding(SymmetricBinding binding,
      RampartPolicyData rpd) throws WSSPolicyException {
      Assertion token = binding.getProtectionToken();

      if (token != null)

      { rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken()); }

      else {
      token = binding.getEncryptionToken();
      Assertion token1 = binding.getSignatureToken();
      if (token == null && token1 == null)

      { // this is an error - throw something }

      /*

      • THIS IS WHERE IT HAPPENS, AN ENCRYPTION TOKEN IS LOADED WHILE NONE IS PROVIDED
        */
        rpd.setEncryptionToken(
        ((EncryptionToken) token).getEncryptionToken());
        rpd.setSignatureToken(((SignatureToken) token).getSignatureToken());
        }
        }

      Attachments

        Activity

          People

            nandana.cse Nandana Mihindukulasooriya
            thomasv Thomas Vandierendonck
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: