]
Alessio Soldano updated JBWS-1948:
----------------------------------
Fix Version/s: jbossws-native-2.0.4
Optional SOAP Header element is required by WSSecurityHandlerServer
handler.
----------------------------------------------------------------------------
Key: JBWS-1948
URL:
http://jira.jboss.com/jira/browse/JBWS-1948
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.2
Reporter: S?awomir Wojtasiak
Assigned To: Alessio Soldano
Fix For: jbossws-native-2.0.4
Attachments: patch.txt
When jbossws is configured to "use
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer" JaxWS handler, all
SOAP messages have to contain optional Header element. Messages which do not contain this
element causes NullPointerException.
Class: WSSecurityDispatcher
Method: public static void handleInbound(CommonMessageContext ctx) throws SOAPException,
SOAPFaultException
// soapHeader is null for messages without header element.
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
QName secQName = new QName(Constants.WSSE_NS, "Security");
// Method findElement try to use soapHeader without checking against null first and
causes NullPointerException.
Element secHeaderElement = Util.findElement(soapHeader, secQName);
Workaround:
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
Element secHeaderElement = null;
if( soapHeader != null ) {
QName secQName = new QName(Constants.WSSE_NS, "Security");
secHeaderElement = Util.findElement(soapHeader, secQName);
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: