Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-28212

[GSS](8.0.z) JBWS-4429 - NPE when SOAP request with mismatched targetNameSpace is received

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 8.0 Update 5
    • None
    • Web Services
    • None
    • False
    • None
    • False
    • Hide

      We can see NPE with the attached simple reproducer on JBoss EAP 7.4.18 and OpenJDK8:

      1. unzip reproducer-src.zip
      2. cd reproducer-src/webservice-server
      3. mvn package
      3. cp webservice-server.war JBOSS_EAP_7_4_18_HOME/standalone/deployments/
      4. Start JBoss EAP 7.4.18
      5. cd ../webservice-client
      6. mvn package exec:exec
      7. We can see NPE in server.log on server side

      Show
      We can see NPE with the attached simple reproducer on JBoss EAP 7.4.18 and OpenJDK8: 1. unzip reproducer-src.zip 2. cd reproducer-src/webservice-server 3. mvn package 3. cp webservice-server.war JBOSS_EAP_7_4_18_HOME/standalone/deployments/ 4. Start JBoss EAP 7.4.18 5. cd ../webservice-client 6. mvn package exec:exec 7. We can see NPE in server.log on server side

      NullPointerException is thrown when a client sends a request with an unmatched targetNameSpace to a WebService that meets the following conditions:

      • marked as Stateless Session Bean
      • has a HandlerChain
      @Stateless
      //@WebService(targetNamespace ="http://com.redhat.gss.example.soap/") // correct targetNamespace
      @WebService(targetNamespace ="http://com.redhat.gss.invalid/")        // invalid targetNamespace that is not matched with wsdl distributed to clients
      @HandlerChain(file = "/META-INF/handlers.xml")
      public class HelloService {...}
      

      jboss-eap-7.4/standalone/log/server.log

      2024-08-19 12:44:25,315 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Interceptor for {http://com.redhat.gss.invalid/}HelloServiceService has thrown exception, unwinding now: java.lang.NullPointerException
      	at org.apache.cxf.service.factory.SimpleMethodDispatcher.getMethod(SimpleMethodDispatcher.java:97)
      	at org.jboss.wsf.stack.cxf.interceptor.HandlerAuthInterceptor$JBossWSHandlerChainInvoker.checkAuthorization(HandlerAuthInterceptor.java:150)
      	at org.jboss.wsf.stack.cxf.interceptor.HandlerAuthInterceptor$JBossWSHandlerChainInvoker.invokeProtocolHandlers(HandlerAuthInterceptor.java:112)
      	at 
              ...
      

      It is more appropriate to throw an exception indicating the cause exception instead of NPE.

      If the Web Service is not stateless sesssion bean or no HandlerChain, the following exception will be thrown instead of NPE:

      13:46:47,453 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Interceptor for {http://com.redhat.gss.invalid/}HelloServiceService#{http://com.redhat.gss.invalid/}sayHello has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: Unexpected wrapper element {http://com.redhat.gss.example.soap/}sayHello found.   Expected {http://com.redhat.gss.invalid/}sayHello.
      	at org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:107)
      	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
      	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
      	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
      	at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
      	at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
      	at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
      

            lvydra Lukas Vydra
            rhn-engineering-lgao Lin Gao
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: