I recently enabled audit logging in my STS (based on 2.7.12-SNAPSHOT), by configuring eventListener in my TokenIssueOperation with an org.apache.cxf.sts.event.map.EventMapper object. This works great in most cases. But when my incoming RST contains an ActAs element, I get a NullPointerException:
java.lang.NullPointerException
at org.apache.cxf.sts.event.map.EventMapper.handleEvent(EventMapper.java:106)
at org.apache.cxf.sts.event.map.EventMapper.handleSTSEvent(EventMapper.java:70)
at org.apache.cxf.sts.operation.AbstractOperation.publishEvent(AbstractOperation.java:729)
at org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:233)
at org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:83)
...
If I de-configure eventListener in my TokenIssueOperation I have no issues. Looking over the handleEvent method, it looks like it is referencing this line:
map.put<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/util/Map.java#Map.put%28java.lang.String%2Cjava.lang.Object%29>(KEYS<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/event/map/KEYS.java#KEYS.0ACTAS_PRINCIPAL>.ACTAS_PRINCIPAL<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/event/map/KEYS.java#KEYS.0ACTAS_PRINCIPAL>.name<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/lang/Enum.java#Enum.name%28%29>(), params.getTokenRequirements<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/token/provider/TokenProviderParameters.java#TokenProviderParameters.getTokenRequirements%28%29>().getActAs<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/request/TokenRequirements.java#TokenRequirements.getActAs%28%29>().getPrincipal<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/request/ReceivedToken.java#ReceivedToken.getPrincipal%28%29>().getName<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/security/Principal.java#Principal.getName%28%29>());
I haven't had a chance to track it much further than this, but it looks like the event handler is either prematurely accessing the ActAs token, or the ActAs token was read in and not parseable. The ActAs element, in my case, contains a SAML 2 assertion previously issued by this STS, so it should certainly be parseable, and in fact when I disable audit logging everything works fine and completes normally. I've been away for a few weeks, but my recollection is that this all worked fine three weeks ago. Has something changed in the snapshot? Any help or insight would be appreciated, thanx!
Stephen W. Chappell
java.lang.NullPointerException
at org.apache.cxf.sts.event.map.EventMapper.handleEvent(EventMapper.java:106)
at org.apache.cxf.sts.event.map.EventMapper.handleSTSEvent(EventMapper.java:70)
at org.apache.cxf.sts.operation.AbstractOperation.publishEvent(AbstractOperation.java:729)
at org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:233)
at org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:83)
...
If I de-configure eventListener in my TokenIssueOperation I have no issues. Looking over the handleEvent method, it looks like it is referencing this line:
map.put<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/util/Map.java#Map.put%28java.lang.String%2Cjava.lang.Object%29>(KEYS<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/event/map/KEYS.java#KEYS.0ACTAS_PRINCIPAL>.ACTAS_PRINCIPAL<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/event/map/KEYS.java#KEYS.0ACTAS_PRINCIPAL>.name<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/lang/Enum.java#Enum.name%28%29>(), params.getTokenRequirements<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/token/provider/TokenProviderParameters.java#TokenProviderParameters.getTokenRequirements%28%29>().getActAs<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/request/TokenRequirements.java#TokenRequirements.getActAs%28%29>().getPrincipal<http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf.services.sts/cxf-services-sts-core/2.7.11/org/apache/cxf/sts/request/ReceivedToken.java#ReceivedToken.getPrincipal%28%29>().getName<http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/security/Principal.java#Principal.getName%28%29>());
I haven't had a chance to track it much further than this, but it looks like the event handler is either prematurely accessing the ActAs token, or the ActAs token was read in and not parseable. The ActAs element, in my case, contains a SAML 2 assertion previously issued by this STS, so it should certainly be parseable, and in fact when I disable audit logging everything works fine and completes normally. I've been away for a few weeks, but my recollection is that this all worked fine three weeks ago. Has something changed in the snapshot? Any help or insight would be appreciated, thanx!
Stephen W. Chappell