问题
I have the luck to migrate a large monolithic system from Java7 and Scala 2.10 to Java8 and Scala 2.11. So far so good. The application is using SpringSecurity.
After updating the spring libraries to the newest one we faced a null pointer exception thrown in Wss4jSecurityInterceptor in the validateMessage method here:
if (validationActionsVector.contains(WSConstants.NO_SECURITY)) {
return;
}
The exception occurs during running a test. However, before I post here tons of code (test/implementation..) probably somebody has an idea where to approach the problem - or which part should be investigated in more detail.
EDIT:
One interesting fact that by compiling with Java7 and Scala 2.10 (with the same library versions) the null pointer exception do not occur.
回答1:
It's an open SWS bug If you don't use the validation (no validationActions set), then do:
interceptor.setValidateResponse(false);
interceptor.setValidateRequest(false);
Edit: As of 30.10.2017 the bug is closed. Should work fine with versions 2.4.1, 3.0.0.RELEASE and above.
回答2:
the main reason is the inconsistency between the versions of ws and xmlsec. if you are only client, then you can opt out the validation.
interceptor.setValidationActions("NoSecurity");
interceptor.setValidateResponse(false);
来源:https://stackoverflow.com/questions/39696342/spring-security-wss4jsecurityinterceptor-nullpointer