0

データベースから抽出する必要がある壁と平文のパスワードを使用して、軸 2 Web サービスに壁セキュリティを追加しようとしています。

私が作ったもの

1.「bobPW」パスワードとソルトのハッシュ値をデータベースに保存しました

私の PWCBHandler.java クラスで

•保存されたパスワードとソルトを取得します •保存されたソルトで pwcb.getPassword() をハッシュします •このハッシュされたパスワードが保存されたパスワードと等しいかどうかを確認します

しかし、これらの行にnullポイント例外があります

         if((pwcb.getIdentifier().equals("bob")) && (passwordforchecking.equals(pasandsalt[0])) )

              passwordforchecking = hash(pwcb.getPassword(),Base64.decodeBase64(pasandsalt[1]));

しかし、私を本当に怒らせる問題は、Java アプリケーションで getdataforchecking をテストし、すべてが正常であるため、データベースからパスワードとソルトを抽出したと確信していることです。


コード

p

ublic void handle(Callback[] callbacks)   throws IOException,  UnsupportedCallbackException
  {
     
      for (int i = 0; i < callbacks.length; i++)
       {         
        
       
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            try {
                pasandsalt = getdataforChecking();
          } catch (ClassNotFoundException e1) {
              // TODO Auto-generated catch block
              e1.printStackTrace();
          }
           
            try {
                passwordforchecking = hash(pwcb.getPassword(),Base64.decodeBase64(pasandsalt[1]));
               
            } catch (Exception e) {
               
               
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
           
                   
     
             if((pwcb.getIdentifier().equals("bob")) && (passwordforchecking.equals(pasandsalt[0])) )
             {
                 return;
                
             }
         }
          
   }

  private static String hash(String password, byte[] salt) throws Exception    
  { 
             SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
           KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 256);
           return Base64.encodeBase64String(f.generateSecret(spec).getEncoded());
                  
     }
 
 
  public static String[] getdataforChecking() throws ClassNotFoundException
  {
     
      String[] arr = new String [2];
      Connection conn = null;
      Class.forName("org.postgresql.Driver");
        try
        {
            conn = DriverManager.getConnection(
                    "jdbc:postgresql://localhost:5432/plovdivbizloca",
                    "postgres", "tan");
        }

        catch (SQLException ex)
        {

            ex.printStackTrace();
        }
      
     
        Statement mystmt = null;
        String selectQuery = "select * from passwordforservice;";
        try
        {
            mystmt = conn.createStatement();
            ResultSet mysr = mystmt.executeQuery(selectQuery);
            while (mysr.next())
            {
                arr[0] = mysr.getString(1);
                arr[1]= mysr.getString(2);
               
            }
           
        }
       
       
        catch (Exception ex)
        {
            ex.printStackTrace();
           
        }
        return arr;

 
 
}

  }
 

ここに完全なスタックトレースがあります

java.lang.NullPointerException
[ERROR] 
java.lang.NullPointerException
    at nilo.PWCBHandler.handle(PWCBHandler.java:54)
    at org.apache.rampart.TokenCallbackHandler.handle(TokenCallbackHandler.java:98)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:168)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
    at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:131)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:65)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:304)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:149)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    at nilo.PWCBHandler.hash(PWCBHandler.java:69)
    at nilo.PWCBHandler.handle(PWCBHandler.java:45)
    at org.apache.rampart.TokenCallbackHandler.handle(TokenCallbackHandler.java:98)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:168)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
    at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:131)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:65)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:304)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:149)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
4

1 に答える 1