XML Decryption Filter Throwing Unhandled Exception Resulting in NullPointerException when wrong Certificate is Used
(Doc ID 2132250.1)
Last updated on AUGUST 19, 2022
Applies to:
Oracle API Gateway - Version 11.1.2.1.0 and laterInformation in this document applies to any platform.
Symptoms
In OAG 11.1.2.4 SP2 with <Patch 22509139> applied, a decryption policy works fine if the message is encrypted with expected certificate. It fails if the message is not encrypted with expected certificate, and this failure is expected.
However, the exception is not handled by the OAG exception handling framework when a failure occurs. The failure produces a 500 Internal Server Error followed by a NullPointerException.
The expectation is that any exception thrown by the API Gateway will be handled by a Fault Handler if configured. In this case, the NullPointerException is bypassing three levels of Fault Handlers (including the Global Fault Handler policy) which results in the HTTP 500 error.
STEPS
------
1. Apply patch 22509139 on top of OAG 11.1.2.4 SP2
2. Create a decryption policy where the message is encrypted with the wrong certificate to trigger the failure.
3. The error will occur.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |