[prev in list] [next in list] [prev in thread] [next in thread]
List: xmlrpc-user
Subject: [jira] [Created] (WSS-654) WSSecurityUtil throws NPE when security manager is enabled
From: "Jim Ma (Jira)" <jira () apache ! org>
Date: 2019-09-05 11:48:00
Message-ID: JIRA.13254979.1567684050000.5972.1567684080156 () Atlassian ! JIRA
[Download RAW message or body]
Jim Ma created WSS-654:
--------------------------
Summary: WSSecurityUtil throws NPE when security manager is enabled
Key: WSS-654
URL: https://issues.apache.org/jira/browse/WSS-654
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 2.2.4
Reporter: Jim Ma
Assignee: Colm O hEigeartaigh
Fix For: 2.2.5
When security manager is enabled, the WSSecurityUtils throws NPE by a \
AccessControlException : {code:java}
2019-09-05 11:41:46,602 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default \
task-1) Interceptor for \
{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue \
has thrown exception, unwinding now: java.lang.NullPointerException at \
java.xml/com.sun.org.apache.xerces.internal.dom.ParentNode.internalInsertBefore(ParentNode.java:300)
at java.xml/com.sun.org.apache.xerces.internal.dom.ParentNode.insertBefore(ParentNode.java:287)
at org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:319)
at org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:438)
at org.apache.ws.security//org.apache.wss4j.dom.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:165)
at org.apache.cxf.ws-security@3.3.2//org.apache.cxf.ws.security.wss4j.PolicyBasedWSS \
4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:144)
at org.apache.cxf.ws-security@3.3.2//org.apache.cxf.ws.security.wss4j.PolicyBasedWSS \
4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109)
at org.apache.cxf.ws-security@3.3.2//org.apache.cxf.ws.security.wss4j.PolicyBasedWSS \
4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96)
at org.apache.cxf@3.3.2//org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
{code}
The root cause for this NPE is AccessControlException of Permission check failed \
(permission "("java.lang.RuntimePermission" \
"accessClassInPackage.com.sun.org.apache.xerces.internal.dom")" {code:java}
"accessClassInPackage.com.sun.org.apache.xerces.internal.dom")"
2019-09-05 11:41:37,366 ERROR [stderr] (default task-1) at \
java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238) \
2019-09-05 11:41:37,368 ERROR [stderr] (default task-1) at \
java.base/java.lang.Class.checkPackageAccess(Class.java:2870) 2019-09-05 11:41:37,369 \
ERROR [stderr] (default task-1) at \
java.base/java.lang.Class.checkMemberAccess(Class.java:2851) 2019-09-05 11:41:37,370 \
ERROR [stderr] (default task-1) at \
java.base/java.lang.Class.getMethod(Class.java:2105) 2019-09-05 11:41:37,371 ERROR \
[stderr] (default task-1) at \
org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.getDomElement(WSSecurityUtil.java:641)
2019-09-05 11:41:37,372 ERROR [stderr] (default task-1) at \
org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:312)
2019-09-05 11:41:37,372 ERROR [stderr] (default task-1) at \
org.apache.ws.security//org.apache.wss4j.dom.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:438)
2019-09-05 11:41:37,373 ERROR [stderr] (default task-1) at \
org.apache.ws.security//org.apache.wss4j.dom.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:165)
{code}
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic