[
http://jira.jboss.com/jira/browse/JBWS-1948?page=comments#action_12412618 ]
Norbert Schollum commented on JBWS-1948:
----------------------------------------
hi, can sbd give a link to the specification, which exactly defines that:
if a outgoing request has wsse headers, the incoming response is required to have those
headers also ?
Optional SOAP Header element is required by WSSecurityHandlerServer
handler.
----------------------------------------------------------------------------
Key: JBWS-1948
URL:
http://jira.jboss.com/jira/browse/JBWS-1948
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.2
Reporter: S?awomir Wojtasiak
Assigned To: Alessio Soldano
Fix For: jbossws-native-3.0.1
Attachments: patch.txt
When jbossws is configured to "use
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer" JaxWS handler, all
SOAP messages have to contain optional Header element. Messages which do not contain this
element causes NullPointerException.
Class: WSSecurityDispatcher
Method: public static void handleInbound(CommonMessageContext ctx) throws SOAPException,
SOAPFaultException
// soapHeader is null for messages without header element.
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
QName secQName = new QName(Constants.WSSE_NS, "Security");
// Method findElement try to use soapHeader without checking against null first and
causes NullPointerException.
Element secHeaderElement = Util.findElement(soapHeader, secQName);
Workaround:
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
Element secHeaderElement = null;
if( soapHeader != null ) {
QName secQName = new QName(Constants.WSSE_NS, "Security");
secHeaderElement = Util.findElement(soapHeader, secQName);
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira