APAR status
Closed as program error.
Error description
[12/5/03 13:36:23:207 CST] 5007e95c SoapSecurityS E WSEC5129E:
An exception while processing WS-Security message:
java.lang.NullPointerException
[1/7/04 13:33:05:498 CST] d2a49d SoapSecurityR E WSEC5129E:
An exception while processing WS-Security message:
java.lang.NullPointerException
Recreation steps
1) Create a Hello World Web service and Web service client.
2) Enable WS-Security LTPA and enable signing securitytoken on
both the service and the client.
3) Enable security on the server (for connecting to the local
OS user registry).
4) Invoke the Web service.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have *
* enabled using the Light Weight Third Party *
* (LTPA) authentication mechanism and are *
* using Web Services. *
****************************************************************
* PROBLEM DESCRIPTION: NullPointerException processing SOAP *
* messages. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
Three scenarios below are covered:
1) When there is no LTPA token in the message, an
NullPointerException is thrown from server instead of a
proper token validation failure message.
2) When there is no LTPA found on the client side, an empty
BinarySecurityToken is inserted into the SOAP message.
3) When LTPA token is configured as AuthMethod and token is
signed, when there is no LTPA token in the message, another
NullPointerException is thrown. It should throw token is not
found and not signed exception.
Error messages
[12/5/03 13:36:23:207 CST] 5007e95c SoapSecurityS E WSEC5129E:
An exception while processing WS-Security message:
java.lang.NullPointerException
[1/7/04 13:33:05:498 CST] d2a49d SoapSecurityR E WSEC5129E:
An exception while processing WS-Security message:
java.lang.NullPointerException
Recreation steps
1) Create a Hello World Web service and Web service client.
2) Enable WS-Security LTPA and enable signing securitytoken on
both the service and the client.
3) Enable security on the server (for connecting to the local
OS user registry).
4) Invoke the Web service.
Problem conclusion
Message handling logic was corrected.
Temporary fix Comments
APAR information |
APAR number |
PQ84620 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2004-02-12 |
Closed date |
2004-03-04 |
Last modified date |
2004-03-04 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|