当我从数据库中提取rampart引擎的密码时,java.lang.NullPointerException

时间:2013-05-08 11:52:54

标签: axis2 rampart

我尝试使用应从数据库中提取的rampart和纯文本密码将wallart安全性添加到我的axis 2 Web服务

我做了什么

1.我在数据库中存储了“bobPW”密码和盐

的散列值

在我的PWCBHandler.java类

•我收到了密码和盐的存储 •我用存储的盐哈希pwcb.getPassword() •检查此散列密码是否等于存储的密码

但是我在这些行中得到零点异常

         if((pwcb.getIdentifier().equals("bob")) && (passwordforchecking.equals(pasandsalt[0])) )

              passwordforchecking = hash(pwcb.getPassword(),Base64.decodeBase64(pasandsalt[1]));

但是让我疯狂的问题是我确信我从数据库中提取密码和盐,因为我在java应用程序中测试过getdataforchecking并且一切都很好


P

ublic void handle(Callback[] callbacks)   throws IOException,  UnsupportedCallbackException
  {

      for (int i = 0; i < callbacks.length; i++)
       {         


            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            try {
                pasandsalt = getdataforChecking();
          } catch (ClassNotFoundException e1) {
              // TODO Auto-generated catch block
              e1.printStackTrace();
          }

            try {
                passwordforchecking = hash(pwcb.getPassword(),Base64.decodeBase64(pasandsalt[1]));

            } catch (Exception e) {


                // TODO Auto-generated catch block
                e.printStackTrace();
            }



             if((pwcb.getIdentifier().equals("bob")) && (passwordforchecking.equals(pasandsalt[0])) )
             {
                 return;

             }
         }

   }

  private static String hash(String password, byte[] salt) throws Exception    
  { 
             SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
           KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 256);
           return Base64.encodeBase64String(f.generateSecret(spec).getEncoded());

     }


  public static String[] getdataforChecking() throws ClassNotFoundException
  {

      String[] arr = new String [2];
      Connection conn = null;
      Class.forName("org.postgresql.Driver");
        try
        {
            conn = DriverManager.getConnection(
                    "jdbc:postgresql://localhost:5432/plovdivbizloca",
                    "postgres", "tan");
        }

        catch (SQLException ex)
        {

            ex.printStackTrace();
        }


        Statement mystmt = null;
        String selectQuery = "select * from passwordforservice;";
        try
        {
            mystmt = conn.createStatement();
            ResultSet mysr = mystmt.executeQuery(selectQuery);
            while (mysr.next())
            {
                arr[0] = mysr.getString(1);
                arr[1]= mysr.getString(2);

            }

        }


        catch (Exception ex)
        {
            ex.printStackTrace();

        }
        return arr;



}

  }

这是完整的堆栈跟踪

java.lang.NullPointerException
[ERROR] 
java.lang.NullPointerException
    at nilo.PWCBHandler.handle(PWCBHandler.java:54)
    at org.apache.rampart.TokenCallbackHandler.handle(TokenCallbackHandler.java:98)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:168)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
    at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:131)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:65)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:304)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:149)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    at nilo.PWCBHandler.hash(PWCBHandler.java:69)
    at nilo.PWCBHandler.handle(PWCBHandler.java:45)
    at org.apache.rampart.TokenCallbackHandler.handle(TokenCallbackHandler.java:98)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:168)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
    at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:131)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:65)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:304)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:149)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

1 个答案:

答案 0 :(得分:0)

也许你可以在回调课程中从数据库中获取密码字符串后尝试pwcb.setPassword("pass")

或者您可以尝试使用pwcb.getRequestData().getPwType()来检查您传递的类型。