Spring Security - Wss4jSecurityInterceptor - Nullpointer

扶醉桌前 提交于 2020-01-04 04:41:06

问题


I have the luck to migrate a large monolithic system from Java7 and Scala 2.10 to Java8 and Scala 2.11. So far so good. The application is using SpringSecurity.

After updating the spring libraries to the newest one we faced a null pointer exception thrown in Wss4jSecurityInterceptor in the validateMessage method here:

if (validationActionsVector.contains(WSConstants.NO_SECURITY)) {
            return;
}

The exception occurs during running a test. However, before I post here tons of code (test/implementation..) probably somebody has an idea where to approach the problem - or which part should be investigated in more detail.

EDIT:

One interesting fact that by compiling with Java7 and Scala 2.10 (with the same library versions) the null pointer exception do not occur.


回答1:


It's an open SWS bug If you don't use the validation (no validationActions set), then do:

interceptor.setValidateResponse(false);
interceptor.setValidateRequest(false);

Edit: As of 30.10.2017 the bug is closed. Should work fine with versions 2.4.1, 3.0.0.RELEASE and above.




回答2:


the main reason is the inconsistency between the versions of ws and xmlsec. if you are only client, then you can opt out the validation.

interceptor.setValidationActions("NoSecurity");
interceptor.setValidateResponse(false);


来源:https://stackoverflow.com/questions/39696342/spring-security-wss4jsecurityinterceptor-nullpointer

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!