Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-841

NullPointerException on First invocation to Spring WS Service with Nonce

    Details

    • Type: Support
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.4
    • Fix Version/s: 2.1.4
    • Component/s: Security
    • Labels:
      None
    • Environment:
      JBoss 5.1 GA on GNU/Linux server 2.6.32.59
      Tested also with same AS in a Windows 7 laptop

      Description

      I have a web service implemented with Spring WS stack over a JBoss 5.1 GA.

      The service has configured as one of the interceptors the security interceptor:

      <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
        <property name="callbackHandlers">
          <list>
            <ref bean="ldapAuthenticationHandler" />
          </list>
        </property>
      </bean>

      The content of securityPolicy.xml file is the following one:

      <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="true" />

      The problem is that since I set the nonceRequired attribute to true, always the first invocation sent to the service returns a NullPointerException:

      <SOAP-ENV:Fault>
         <faultcode>SOAP-ENV:Client</faultcode>
         <faultstring xml:lang="en">java.lang.NullPointerException; nested exception is com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException</faultstring>
      </SOAP-ENV:Fault>

      On following invocations exception is never found again.
      It seems related to the nonce cache, as it in first invocation the cache is not created yet and instead of validating any input nonce, it returns this exception.

      Is there any way to avoid this problem? The environment on which the app is installed restarts everyday so always users get this error once a day.

      I attach the full appContext file of the web service in case it helps.

      Thanks a lot and regards.

        Activity

        j.perez.nuno Jorge Perez created issue -
        arjen.poutsma Arjen Poutsma made changes -
        Field Original Value New Value
        Assignee Arjen Poutsma [ arjen.poutsma ]
        arjen.poutsma Arjen Poutsma made changes -
        Fix Version/s 2.1.4 [ 14119 ]
        arjen.poutsma Arjen Poutsma made changes -
        Description I have a web service implemented with Spring WS stack over a JBoss 5.1 GA.

        The service has configured as one of the interceptors the security interceptor:
        <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
        <property name="callbackHandlers">
        <list>
        <ref bean="ldapAuthenticationHandler" />
        </list>
        </property>
        </bean>

        The content of securityPolicy.xml file is the following one:
        <xwss:RequireUsernameToken
        passwordDigestRequired="false" nonceRequired="true" />

        The problem is that since I set the nonceRequired attribute to true, always the first invocation sent to the service returns a NullPointerException:
        <SOAP-ENV:Fault>
           <faultcode>SOAP-ENV:Client</faultcode>
           <faultstring xml:lang="en">java.lang.NullPointerException; nested exception is com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException</faultstring>
        </SOAP-ENV:Fault>

        On following invocations exception is never found again.
        It seems related to the nonce cache, as it in first invocation the cache is not created yet and instead of validating any input nonce, it returns this exception.

        Is there any way to avoid this problem? The environment on which the app is installed restarts everyday so always users get this error once a day.

        I attach the full appContext file of the web service in case it helps.

        Thanks a lot and regards.

        I have a web service implemented with Spring WS stack over a JBoss 5.1 GA.

        The service has configured as one of the interceptors the security interceptor:
        {code:xml}
        <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
          <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
          <property name="callbackHandlers">
            <list>
              <ref bean="ldapAuthenticationHandler" />
            </list>
          </property>
        </bean>
        {code}

        The content of securityPolicy.xml file is the following one:

        {code:xml}
        <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="true" />
        {code}

        The problem is that since I set the nonceRequired attribute to true, always the first invocation sent to the service returns a NullPointerException:
        {code:xml}
        <SOAP-ENV:Fault>
           <faultcode>SOAP-ENV:Client</faultcode>
           <faultstring xml:lang="en">java.lang.NullPointerException; nested exception is com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException</faultstring>
        </SOAP-ENV:Fault>
        {code}

        On following invocations exception is never found again.
        It seems related to the nonce cache, as it in first invocation the cache is not created yet and instead of validating any input nonce, it returns this exception.

        Is there any way to avoid this problem? The environment on which the app is installed restarts everyday so always users get this error once a day.

        I attach the full appContext file of the web service in case it helps.

        Thanks a lot and regards.

        arjen.poutsma Arjen Poutsma made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Won't Fix [ 2 ]

          People

          • Assignee:
            arjen.poutsma Arjen Poutsma
            Reporter:
            j.perez.nuno Jorge Perez
          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: