'[jira] [Commented] (WSS-654) WSSecurityUtil throws NPE when security manager is enabled'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ws-general
Subject:    [jira] [Commented] (WSS-654) WSSecurityUtil throws NPE when security manager is enabled
From:       "Jim Ma (Jira)" <jira () apache ! org>
Date:       2019-09-16 12:47:00
Message-ID: JIRA.13254979.1567684050000.68149.1568638020101 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/WSS-654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930515#comment-16930515 \
] 

Jim Ma commented on WSS-654:
----------------------------

It looks this issue is already fixed by [~coheigea] in wss4j 2.2.4.  Sorry for the \
noise. 

> WSSecurityUtil throws NPE when security manager is enabled
> ----------------------------------------------------------
> 
> Key: WSS-654
> URL: https://issues.apache.org/jira/browse/WSS-654
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Jim Ma
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Attachments: WSS-654.patch
> 
> 
> When security manager is enabled, the WSSecurityUtils throws NPE by a \
> AccessControlException : {code:java}
> 2019-09-05 11:41:46,602 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] \
> (default task-1) Interceptor for \
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue \
> has thrown exception, unwinding now: java.lang.NullPointerException  at \
> java.xml/com.sun.org.apache.xerces.internal.dom.ParentNode.internalInsertBefore(ParentNode.java:300)
>   at java.xml/com.sun.org.apache.xerces.internal.dom.ParentNode.insertBefore(ParentNode.java:287)
>   at org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:319)
>   at org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:438)
>   at org.apache.ws.security//org.apache.wss4j.dom.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:165)
>   at org.apache.cxf.ws-security@3.3.2//org.apache.cxf.ws.security.wss4j.PolicyBasedW \
> SS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:144)
>   at org.apache.cxf.ws-security@3.3.2//org.apache.cxf.ws.security.wss4j.PolicyBasedW \
> SS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109)
>   at org.apache.cxf.ws-security@3.3.2//org.apache.cxf.ws.security.wss4j.PolicyBasedW \
> SS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96)
>   at org.apache.cxf@3.3.2//org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>  {code}
> The root cause for this NPE is AccessControlException of Permission check failed \
> (permission "("java.lang.RuntimePermission" \
> "accessClassInPackage.com.sun.org.apache.xerces.internal.dom")" {code:java}
> "accessClassInPackage.com.sun.org.apache.xerces.internal.dom")"
> 2019-09-05 11:41:37,366 ERROR [stderr] (default task-1) 	at \
> java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238) \
> 2019-09-05 11:41:37,368 ERROR [stderr] (default task-1) 	at \
> java.base/java.lang.Class.checkPackageAccess(Class.java:2870) 2019-09-05 \
> 11:41:37,369 ERROR [stderr] (default task-1) 	at \
> java.base/java.lang.Class.checkMemberAccess(Class.java:2851) 2019-09-05 \
> 11:41:37,370 ERROR [stderr] (default task-1) 	at \
> java.base/java.lang.Class.getMethod(Class.java:2105) 2019-09-05 11:41:37,371 ERROR \
> [stderr] (default task-1) 	at \
> org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.getDomElement(WSSecurityUtil.java:641)
>  2019-09-05 11:41:37,372 ERROR [stderr] (default task-1) 	at \
> org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:312)
>  2019-09-05 11:41:37,372 ERROR [stderr] (default task-1) 	at \
> org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:438)
>  2019-09-05 11:41:37,373 ERROR [stderr] (default task-1) 	at \
> org.apache.ws.security//org.apache.wss4j.dom.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:165)
>  {code}



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic