jax-ws
  1. jax-ws
  2. JAX_WS-1121

NPE generating a response for an invalid SOAP request

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2.8
    • Fix Version/s: None
    • Component/s: runtime
    • Labels:
      None

      Description

      Class com.sun.xml.ws.api.message.Packet, line 969 looks like this:

      String inputAction = AddressingUtils.getAction(this.getMessage().getMessageHeaders(), addressingVersion, soapVersion);

      For an invalid SOAP request getMessage() returns null, so the client gets this SOAP fault instead of whatever fault it should get with WS-Policy in place:
      <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
      <S:Body>
      <S:Fault xmlns:ns4="http://schemas.xmlsoap.org/soap/envelope/">
      <S:Code>
      <S:Value>S:Receiver</S:Value>
      </S:Code>
      <S:Reason>
      <S:Text xml:lang="en">java.lang.NullPointerException</S:Text>
      </S:Reason>
      </S:Fault>
      </S:Body>
      </S:Envelope>

      At least the real cause is expected, like
      unexpected XML tag. expected:

      {http://www.w3.org/2003/05/soap-envelope}

      Body but found:

      {XXX}

      YYY

      Steps to reproduce:
      1. Setup metro 2.3

      2. Run one of the examples. I was testing something related to WS-Security so I used samples/ws-security/mcs. I modified WSDL (samples/ws-security/src/mcs/etc/service/PingService.wsdl) to remove encryption by commenting out all <sp:EncryptedParts> elements.

      3. Create a new soapUI project from the sample's wsdl.

      4. Create a new request, for example, and send it to the service

      <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:dab="http://xmlsoap.org/DAB">
      <soap:Header/>
      <soap:Body>
      <dab:Department>
      <dab:companyName>a</dab:companyName>
      <dab:departmentName>b</dab:departmentName>
      </dab:Department2>
      </soap:Body>
      </soap:Envelope>

      5. Observe the service response (signed SOAP fault):
      <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
      <S:Header>
      <wsse:Security S:mustUnderstand="true">
      ...
      </wsse:Security>
      </S:Header>
      <S:Body wsu:Id="_5002">
      <ns4:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope" xmlns:ns3="http://schemas.xmlsoap.org/soap/envelope/">
      <ns4:Code>
      <ns4:Value>ns4:Sender</ns4:Value>
      <ns4:Subcode>
      <ns4:Value>wsse:InvalidSecurity</ns4:Value>
      </ns4:Subcode>
      </ns4:Code>
      <ns4:Reason>
      <ns4:Text xml:lang="en">Invalid Security Header</ns4:Text>
      </ns4:Reason>
      </ns4:Fault>
      </S:Body>
      </S:Envelope>

      6. Modify soapUI request, change <soap:Header/> into <soap:Header1/>, and submit it to the service.
      The response in this case:
      <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
      <S:Body>
      <S:Fault xmlns:ns4="http://schemas.xmlsoap.org/soap/envelope/">
      <S:Code>
      <S:Value>S:Receiver</S:Value>
      </S:Code>
      <S:Reason>
      <S:Text xml:lang="en">java.lang.NullPointerException</S:Text>
      </S:Reason>
      </S:Fault>
      </S:Body>
      </S:Envelope>

      Expected response: signed SOAP fault with the real error description.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            leonid.kosmylev
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: