cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: [CXF-6559] Avoiding NPE in AbstractOAuthDataProvider.refreshAccessToken
Date Wed, 26 Aug 2015 11:11:28 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 3fb7debb0 -> f18b8694d


[CXF-6559] Avoiding NPE in AbstractOAuthDataProvider.refreshAccessToken


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f18b8694
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f18b8694
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f18b8694

Branch: refs/heads/3.0.x-fixes
Commit: f18b8694d2c7bae3f36d133985182594a6e28445
Parents: 3fb7deb
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Aug 26 12:09:48 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Aug 26 12:11:10 2015 +0100

----------------------------------------------------------------------
 .../rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 5 ++++-
 .../oauth2/provider/DefaultEncryptingOAuthDataProvider.java    | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f18b8694/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 20a4774..accd4af 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -51,7 +51,10 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
     @Override
     public ServerAccessToken refreshAccessToken(Client client, String refreshTokenKey,
                                                 List<String> restrictedScopes) throws
OAuthServiceException {
-        RefreshToken oldRefreshToken = revokeRefreshAndAccessTokens(client, refreshTokenKey);

+        RefreshToken oldRefreshToken = revokeRefreshAndAccessTokens(client, refreshTokenKey);
+        if (oldRefreshToken == null) {
+            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
+        }
         return doRefreshAccessToken(client, oldRefreshToken, restrictedScopes);
         
     }
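Review bot: The new null check in refreshAccessToken reports an unknown or already revoked refresh token as `OAuthConstants.ACCESS_DENIED`, but RFC 6749 section 5.2 assigns `invalid_grant` to an invalid, expired or revoked refresh token; `access_denied` is an authorization-endpoint error. Consider `throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);` so that a client can tell a dead refresh token from a denied request and restart authorization. The check also deserves a comment such as `// null: refresh token unknown or already revoked, fail closed`, because revokeRefreshAndAccessTokens is defined outside this hunk and its null contract is not visible here. The catch block added in DefaultEncryptingOAuthDataProvider.revokeRefreshToken uses the same error code.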

http://git-wip-us.apache.org/repos/asf/cxf/blob/f18b8694/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
index eae9120..d033b1f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
@@ -109,7 +109,11 @@ public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvide
     @Override
     protected RefreshToken revokeRefreshToken(Client client, String refreshTokenKey) {
         refreshTokens.remove(refreshTokenKey);
-        return ModelEncryptionSupport.decryptRefreshToken(this, refreshTokenKey, key);
+        try {
+            return ModelEncryptionSupport.decryptRefreshToken(this, refreshTokenKey, key);
+        } catch (SecurityException ex) {
+            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED, ex);
+        }
     }
 
     private void encryptAccessToken(ServerAccessToken token) {
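Review bot: In revokeRefreshToken the result of `refreshTokens.remove(refreshTokenKey)` is discarded, so a key that is no longer registered (already revoked or rotated) still reaches `decryptRefreshToken` and, if it decrypts under `key`, appears to be returned as a usable token. Rejecting before the decrypt when the key was absent would close that gap, e.g. `if (refreshTokens.remove(refreshTokenKey) == null) { throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED); }`, or the boolean form if `refreshTokens` is a Set; its declaration is outside the hunk. Separately, only `SecurityException` is translated here. Whether decryptRefreshToken can fail with other runtime exceptions on a malformed key is not visible in this hunk and is worth confirming.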

