cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/9] cxf git commit: Prevent an ArrayIndexOutOfBoundsException on an empty token
Date Wed, 20 Jan 2016 16:21:20 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 409ac7e5a -> e61467c87


Prevent an ArrayIndexOutOfBoundsException on an empty token


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7d96d7ae
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7d96d7ae
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7d96d7ae

Branch: refs/heads/3.0.x-fixes
Commit: 7d96d7aef6fcad1f141927919c16b972e5224b26
Parents: 409ac7e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jan 20 11:58:10 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jan 20 15:36:55 2016 +0000

----------------------------------------------------------------------
 .../apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7d96d7ae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index 1a397c5..3792ea5 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -87,6 +87,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
         // WWW-Authenticate with the list of supported schemes will be sent back 
         // if the scheme is not accepted
         String[] authParts = getAuthorizationParts(m);
+        if (authParts.length < 2) {
+            throw ExceptionUtils.toForbiddenException(null, null);
+        }
         String authScheme = authParts[0];
         String authSchemeData = authParts[1];
         


Mime
View raw message