[jbossws-issues] [JBoss JIRA] Created: (JBWS-1948) Optional SOAP Header element is required by WSSecurityHandlerServer handler.
Sławomir Wojtasiak (JIRA)
jira-events at lists.jboss.org
Wed Jan 9 04:23:43 EST 2008
Optional SOAP Header element is required by WSSecurityHandlerServer handler.
----------------------------------------------------------------------------
Key: JBWS-1948
URL: http://jira.jboss.com/jira/browse/JBWS-1948
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: ws-security
Affects Versions: jbossws-2.0.2
Reporter: Sławomir Wojtasiak
When jbossws is configured to "use org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer" JaxWS handler, all SOAP messages have to contain optional Header element. Messages which do not contain this element causes NullPointerException.
Class: WSSecurityDispatcher
Method: public static void handleInbound(CommonMessageContext ctx) throws SOAPException, SOAPFaultException
// soapHeader is null for messages without header element.
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
QName secQName = new QName(Constants.WSSE_NS, "Security");
// Method findElement try to use soapHeader without checking against null first and causes NullPointerException.
Element secHeaderElement = Util.findElement(soapHeader, secQName);
Workaround:
SOAPHeader soapHeader = soapMessage.getSOAPHeader();
Element secHeaderElement = null;
if( soapHeader != null ) {
QName secQName = new QName(Constants.WSSE_NS, "Security");
secHeaderElement = Util.findElement(soapHeader, secQName);
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list