WSIT-1603

NullPointerException in PolicyUtil.java line 78

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Works as designed
    • Affects Version/s: 2.1, 2.1.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:

      Server: IBM WebSphere Applicationserver 7

      Client: JRE 1.6 u29 + Metro 2.1/2.1.1

      Description

      On a WebSphere app server I run a web service which has the following policy defined:

          <wsp:Policy wsu:Id="f95ccd00-2520-4050-89df-48db7f55bb36">
            <ns2:SupportingTokens xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
              <wsp:Policy>
                <ns2:UsernameToken ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                  <wsp:Policy>
                    <ns2:WssUsernameToken10/>
                  </wsp:Policy>
                </ns2:UsernameToken>
              </wsp:Policy>
            </ns2:SupportingTokens>
          </wsp:Policy>
      

      The policy is referenced by the operation input.

        <binding name="UserServicePortBinding" type="tns:UserService">
          <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
          <operation name="getCurrentUser">
            <soap:operation soapAction=""/>
            <input>
              <soap:body use="literal"/>
              <wsp:PolicyReference URI="#f95ccd00-2520-4050-89df-48db7f55bb36"/>
            </input>
            <output>
              <soap:body use="literal"/>
            </output>
          </operation>
        </binding>
      

      If I run my Metro 2.1/2.1.1 client, I get the following exception:

      Caused by: java.lang.NullPointerException
      	at com.sun.xml.ws.security.impl.policy.PolicyUtil.isSecurityPolicyNS(PolicyUtil.java:78)
      	at com.sun.xml.ws.security.impl.policy.PolicyUtil.isSignedParts(PolicyUtil.java:502)
      	at com.sun.xml.ws.security.impl.policyconv.XWSSPolicyGenerator.collectPolicies(XWSSPolicyGenerator.java:313)
      	at com.sun.xml.ws.security.impl.policyconv.XWSSPolicyGenerator.process(XWSSPolicyGenerator.java:165)
      	at com.sun.xml.ws.security.impl.policyconv.XWSSPolicyGenerator.process(XWSSPolicyGenerator.java:160)
      	at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.constructPolicyHolder(SecurityTubeBase.java:1338)
      	at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.constructPolicyHolder(SecurityTubeBase.java:1331)
      	at com.sun.xml.wss.jaxws.impl.SecurityClientTube.addOutgoingMP(SecurityClientTube.java:701)
      	at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.collectOperationAndMessageLevelPolicies(SecurityTubeBase.java:824)
      	at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.collectPolicies(SecurityTubeBase.java:758)
      	at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.<init>(SecurityTubeBase.java:274)
      	at com.sun.xml.wss.jaxws.impl.SecurityClientTube.<init>(SecurityClientTube.java:152)
      	at com.sun.xml.wss.provider.wsit.SecurityTubeFactory.createTube(SecurityTubeFactory.java:285)
      	at com.sun.xml.ws.assembler.TubeCreator.createTube(TubeCreator.java:84)
      	at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$MetroTubelineAssembler.createClient(TubelineAssemblerFactoryImpl.java:130)
      	at com.sun.xml.ws.client.Stub.createPipeline(Stub.java:228)
      	at com.sun.xml.ws.client.Stub.<init>(Stub.java:205)
      	at com.sun.xml.ws.client.Stub.<init>(Stub.java:178)
      	at com.sun.xml.ws.client.sei.SEIStub.<init>(SEIStub.java:85)
      	at com.sun.xml.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(WSServiceDelegate.java:608)
      	at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:348)
      	at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:330)
      	at javax.xml.ws.Service.getPort(Service.java:175)
      

      After some debugging I found out that it is because the spVersion of the SecurityTubeBase class is never initialized.
      If I append the policy to the binding, it works.

      I think the problem is in the collectPolicies() method of the SecurityTubeBase class.
      The method setPolicyCredentials(), which initializes the spVersion, is only called for endpoint and operation policies.

        Activity

        Nithya Ramakrishnan added a comment -

        Currently the input message level policy does not work in Metro. Can you please try with an operation level policy? Closing the current bug. Please reopen it if you have problems with the operation level policy.

        Holger Uhlitzsch added a comment -

        I just reviewed this and did an additional test, but I don't see a possibility to use operation level policy with WebSphere.

        wilk.hoffmann added a comment -

        Hi Folks,
        for me it is a little bit strange that a "reference implementation" has a bug with a NullPointerException which will not be fixed, although the specification of the w3 org explicitly allows the usage of message policy subject, see also http://www.w3.org/TR/ws-policy-attach/#MessagePolicySubject.
        If you send asynchronous notifications with WSS via an ESB, which possibly must buffer the message, it is a good idea to specify the request with WSS but the response not (especially if it is only an acknowledgement without sensitive data).
        For me, a valid WSDL conforming to the WS-Policy specification causes a runtime error which is ignored so far.
        Is there a roadmap when this bug will be fixed in Metro?

        nadeemf added a comment -

        Can you please reply to wilk.hoffmann's comment? After researching and working on Metro for 3 weeks I have successful calls to the server but am getting an inbound verification exception (LogStringsMessages.WSSTUBE_0025_ERROR_VERIFY_INBOUND_MSG()) because my service provider doesn't encrypt and sign their responses. I need to have message level policy for my project; are there any workarounds?

        wilk.hoffmann added a comment -

        Hi Folks,

        Have a look at WSIT-1582. There is a solution that works. Strange that this was not mentioned by the assignee of this issue. I had to search for a long time to find it, since I did not assume that two JIRA issues exist for the same bug.
        Message level policy works fine with Metro if you consider that the policies in the policy hierarchy do not overwrite the upper ones but extend them. Additionally you have to do the following steps:
        You have to define two policies, one (nearly empty) as base which you can place e.g. at binding level and a further one with your needed cryptography rules. This one you place e.g. inside your incoming message tag in your operation.
        The base policy should be empty in the sense that no security header is written.
        An example is given below. You can also use the empty policy in the example from WSIT-1582 with the same effect.

        So why do we have to make this trick with the empty policy?
        The PolicyUtil class tries to find out which version of the policy is used. This is done by searching for the used namespace.
        If there is no policy (for your response message) or an empty one, this results in the NPE from above.
        At the moment you use a policy which at least uses the right namespace (sp:... see below), the problem is fixed.
        Hope this helps you.

        Example:

         
        <?xml version="1.0" encoding="UTF-8"?>
        <wsdl:definitions targetNamespace="..."
                          xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" 
                          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                          xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" 
                          xmlns:wsp="http://www.w3.org/ns/ws-policy"
                          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
                          xmlns:wsoma="http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization">
        
        
            <wsp:Policy wsu:Id="EmptyPolicy">
                 <wsp:ExactlyOne>
                    <wsp:All>
                        <sp:Wss10>
                            <wsp:Policy>
                                <sp:MustSupportRefIssuerSerial/>
                            </wsp:Policy>
                        </sp:Wss10>
                    </wsp:All>
                </wsp:ExactlyOne>
            </wsp:Policy>
        
            <wsp:Policy wsu:Id="RealPolicy">
                 <wsp:ExactlyOne>
                    <wsp:All>
                    <!-- your signature and encryption stuff here -->
                    <!-- ........................................ -->
                    </wsp:All>
                </wsp:ExactlyOne>
            </wsp:Policy>
        
            <!-- .............................. -->
        
            <wsdl:binding name="MyBinding" type="tns:MyPortType">

                <wsp:PolicyReference URI="#EmptyPolicy"/>
                <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
        
                <wsdl:operation name="myOPWithPlainTextResponse">
                    <soap:operation soapAction="http://myOPWithPlainTextResponse" />
                    <wsdl:input>
                        <wsp:PolicyReference URI="#RealPolicy"/>
                        <soap:body use="literal" />
                    </wsdl:input>
                    <wsdl:output>
                        <soap:body use="literal" />
                    </wsdl:output>
                </wsdl:operation>
            </wsdl:binding>
            
            <!-- ...................... -->
        </wsdl:definitions>
        
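A pre-deployment check for the attachment pattern discussed in this thread, as an added example (not code from Metro or from any commenter): it lists operations that carry a policy only at message level, with no WS-SecurityPolicy assertion attached at binding or operation level. The function names, the constructed sample WSDL and the extra 2004/09 WS-Policy and 2005/07 WS-SecurityPolicy namespaces are assumptions, and the rule is a heuristic drawn from the comments above rather than from Metro's source.

```python
import xml.etree.ElementTree as ET

WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")
WSP = ("http://www.w3.org/ns/ws-policy", "http://schemas.xmlsoap.org/ws/2004/09/policy")
SP = ("http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
      "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy")

def _wsp(elem, *names):
    return any(elem.tag == "{%s}%s" % (ns, n) for ns in WSP for n in names)

def _has_sp_policy(node, policies):
    """True if a policy attached directly to node (inline or by local #id
    reference) contains an element in a WS-SecurityPolicy namespace."""
    for child in node:
        pol = child if _wsp(child, "Policy") else None
        if _wsp(child, "PolicyReference"):
            pol = policies.get(child.get("URI", "").lstrip("#"))
        if pol is not None and any(e.tag.startswith("{%s}" % ns)
                                   for e in pol.iter() for ns in SP):
            return True
    return False

def message_only_policies(wsdl_text):
    """List (binding, operation, message) where a policy hangs on input/output/
    fault while neither the binding nor the operation has a security policy."""
    root = ET.fromstring(wsdl_text)
    policies = {p.get(WSU_ID): p for p in root.iter()
                if _wsp(p, "Policy") and p.get(WSU_ID)}
    hits = []
    for binding in root.iter(WSDL + "binding"):
        if _has_sp_policy(binding, policies):
            continue
        for op in binding.findall(WSDL + "operation"):
            if _has_sp_policy(op, policies):
                continue
            hits += [(binding.get("name"), op.get("name"), m.tag[len(WSDL):])
                     for m in op if m.tag.startswith(WSDL)
                     and any(_wsp(c, "Policy", "PolicyReference") for c in m)]
    return hits

def sample(binding_ref=""):
    """Constructed WSDL modelled on the fragments in this thread."""
    return """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
  xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="%s"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
 <wsp:Policy wsu:Id="EmptyPolicy"><sp:Wss10><wsp:Policy/></sp:Wss10></wsp:Policy>
 <wsp:Policy wsu:Id="RealPolicy"><sp:SupportingTokens/></wsp:Policy>
 <binding name="MyBinding">%s<operation name="getCurrentUser">
  <input><wsp:PolicyReference URI="#RealPolicy"/></input><output/>
 </operation></binding></definitions>""" % (WSU_ID[1:-3], binding_ref)
```

Calling `message_only_policies(sample())` reports the reporter's layout, while passing the binding-level `#EmptyPolicy` reference from the workaround returns an empty list.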

          People

          • Assignee:
            kumarjayanti
            Reporter:
            Holger Uhlitzsch
          • Votes:
            0
            Watchers:
            2