[JBWS-4429] NPE when SOAP request with mismatched targetNameSpace is …

…received
jbossws · Oct 11, 2024 · 7a43a95 · 7a43a95
1 parent 3d6a122
commit 7a43a95
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/modules/client/src/main/java/org/jboss/wsf/stack/cxf/i18n/Messages.java b/modules/client/src/main/java/org/jboss/wsf/stack/cxf/i18n/Messages.java
@@ -219,4 +219,7 @@ public interface Messages {
 
     @Message(id = 24113, value = "Invalid endpoint URI: %s")
     IllegalArgumentException invalidEndpointURI(String endpoint);
+
+    @Message(id = 24118, value = "BindingOperation is missing for authorization")
+    IllegalArgumentException missingBindingOperationForAuthorization();
 }
diff --git a/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/HandlerAuthInterceptor.java b/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/HandlerAuthInterceptor.java
@@ -144,6 +144,10 @@ protected void checkAuthorization(MessageContext ctx)
             SecurityContext secCtx = message.get(SecurityContext.class);
             BindingOperationInfo bop = exchange.getBindingOperationInfo();
             MethodDispatcher md = (MethodDispatcher) exchange.getService().get(MethodDispatcher.class.getName());
+            if (bop == null)
+            {
+               throw MESSAGES.missingBindingOperationForAuthorization();
+            }
             Method method = md.getMethod(bop);
 
             EJBMethodSecurityAttribute attributes = attributeProvider.getSecurityAttributes(method);