Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NullPointerException on First invocation to Spring WS Service with Nonce [SWS-841] #915

gregturn opened this issue Jul 23, 2013 · 4 comments


Copy link

@gregturn gregturn commented Jul 23, 2013

Jorge Perez opened SWS-841 and commented

I have a web service implemented with Spring WS stack over a JBoss 5.1 GA.

The service has configured as one of the interceptors the security interceptor:

<bean id="wsSecurityInterceptor" class="">
  <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
  <property name="callbackHandlers">
      <ref bean="ldapAuthenticationHandler" />

The content of securityPolicy.xml file is the following one:

<xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="true" />

The problem is that since I set the nonceRequired attribute to true, always the first invocation sent to the service returns a NullPointerException:

   <faultstring xml:lang="en">java.lang.NullPointerException; nested exception is com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException</faultstring>

On following invocations exception is never found again.
It seems related to the nonce cache, as it in first invocation the cache is not created yet and instead of validating any input nonce, it returns this exception.

Is there any way to avoid this problem? The environment on which the app is installed restarts everyday so always users get this error once a day.

I attach the full appContext file of the web service in case it helps.

Thanks a lot and regards.

Affects: 2.0.4


Referenced from: commits f3445a8

1 votes, 3 watchers

Copy link
Member Author

@gregturn gregturn commented Jul 24, 2013

Steven Bauer commented

I am seeing the same issue.
Also JBOSS 5.1.
spring-ws-core version 2.1.3.RELEASE

Copy link
Member Author

@gregturn gregturn commented Aug 20, 2013

Arjen Poutsma commented

Added code tags.

Copy link
Member Author

@gregturn gregturn commented Aug 20, 2013

Arjen Poutsma commented

Could you give me the full stack trace of the server side? I'd like to know where the NPE occurs.

Copy link
Member Author

@gregturn gregturn commented Aug 20, 2013

Arjen Poutsma commented

After some more verification, it seems that the NPE occurs when a message does contain a Nonce element, but does not contain a Created element. XWSS does not like this, and throws a NullPointerException with the following stacktrace:

Caused by: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException
	at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(
	... 28 more
Caused by: java.lang.NullPointerException
	at java.util.Hashtable.put(
	at com.sun.xml.wss.impl.misc.NonceCache.validateAndCacheNonce(
	at com.sun.xml.wss.impl.misc.DefaultNonceManager.validateNonce(
	at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.validateAndCacheNonce(
	at com.sun.xml.wss.impl.filter.AuthenticationTokenFilter.getUserNameTokenFromMessage(
	at com.sun.xml.wss.impl.filter.AuthenticationTokenFilter.processUserNameToken(
	at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(
	at com.sun.xml.wss.impl.HarnessUtil.processDeep(
	at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(
	at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(
	at com.sun.xml.wss.impl.SecurityRecipient.validateMessage(
	at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(
	... 29 more

The stacktrace originates from the fact that com.sun.xml.wss.impl.misc.NonceCache.validateAndCacheNonce wants to insert a null value for the created date into a Hashtable, which does not allow null values.

I tried to create a workaround for this, by repeating the XWSS method call twice (as suggested in the description), but this seems to have no effect.

Closing as Won't Fix, because it appears to be a XWSS issue with no possible workaround. If more investigation is requested, please supply a reproducible test case in the same format as

@gregturn gregturn closed this Aug 20, 2013
@gregturn gregturn added this to the 2.1.4 milestone Sep 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.