Announcement Announcement Module
Collapse
No announcement yet.
getting a npe Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • getting a npe

    I am having a problem getting an npe as referenced in another thread (which was getting really long). Having done some more research it looks like it happens in DefaulttimestampValidator.java, at line 41

    Date expired = parseDate(utcRequest.getExpired());

    while trying to verifyInboundMessage.


    This happens when my security policy inbound is:
    Code:
    <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:Timestamp timeout="120"/>
    <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="true"/>
    </xwss:SecurityConfiguration>
    and outbound is
    Code:
    <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:Timestamp timeout="120"/>
    <xwss:UsernameToken digestPassword="false" useNonce="true"/>
    </xwss:SecurityConfiguration>
    If I change useNonce to false, it works.

    I can see in the console that the timestamp for nonce only has created, not expired

    Code:
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1159216970175594217203">
    <wsse:Username>Bert</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">lNS7NMI3OJWQ8WtjNiB0AuFS</wsse:Nonce>
    <wsu:Created>2006-09-25T20:42:50Z</wsu:Created>
    </wsse:UsernameToken>
    Any idea why?
    Last edited by farrellr; Sep 25th, 2006, 04:05 PM. Reason: add detail

  • #2
    Looks like a bug i can solve. Can you file one in JIRA?

    Comment


    • #3
      Jira opened

      I opened it in Jira
      Thanks Arjen.
      Last edited by farrellr; Sep 26th, 2006, 05:43 AM. Reason: typo

      Comment


      • #4
        progress

        Hi Arjen,
        Since the expired attribute for the token is optional, is there any chance
        you can do in a near term nightly build to not throw an exception if it is not there. I realize that there might be more to do (to put the expired information if it should be there) but it would help me make progress in testing security other than plain text and password, and seems like it should work that way anyway.
        Thanks for your help.

        Comment


        • #5
          Sure, can you add this request to the issue as a comment? I will look at it tomorrow/this weekend. (Private life? Who needs it )

          Comment


          • #6
            The issue has been fixed.

            Comment


            • #7
              excellent - thanks again

              Thanks Arjen - I appreciate it.
              I'll grab the next nightly build.
              ... Rich

              Comment


              • #8
                working well

                Thanks again Arjen.
                I've tested security with nonce, with and without digestPassword - and all seems good. I appreciate the quick turn around.
                ... Rich

                Comment

                Working...
                X