cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: CXF-7264: NPE on OAuth RO/CC flows using JPA
Date Thu, 09 Mar 2017 17:42:43 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes ca9d6e1e8 -> 7169e95ca


CXF-7264: NPE on OAuth RO/CC flows using JPA


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7169e95c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7169e95c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7169e95c

Branch: refs/heads/3.1.x-fixes
Commit: 7169e95ca484f7ee20c511bc5f645019541ef502
Parents: ca9d6e1
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Mar 9 17:40:36 2017 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Mar 9 17:42:27 2017 +0000

----------------------------------------------------------------------
 .../oauth2/provider/JPAOAuthDataProvider.java   | 14 +++++++------
 .../provider/JPAOAuthDataProviderTest.java      | 21 ++++++++++++++++++++
 2 files changed, 29 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7169e95c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
index 183014b..0414b24 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
@@ -263,12 +263,14 @@ public class JPAOAuthDataProvider extends AbstractOAuthDataProvider
{
                 }
                 serverToken.setScopes(perms);
 
-                UserSubject sub = em.find(UserSubject.class, serverToken.getSubject().getLogin());
-                if (sub == null) {
-                    em.persist(serverToken.getSubject());
-                } else {
-                    sub = em.merge(serverToken.getSubject());
-                    serverToken.setSubject(sub);
+                if (serverToken.getSubject() != null) {
+                    UserSubject sub = em.find(UserSubject.class, serverToken.getSubject().getLogin());
+                    if (sub == null) {
+                        em.persist(serverToken.getSubject());
+                    } else {
+                        sub = serverToken.getSubject();
+                        serverToken.setSubject(sub);
+                    }
                 }
                 // ensure we have a managed association
                 // (needed for OpenJPA : InvalidStateException: Encountered unmanaged object)

http://git-wip-us.apache.org/repos/asf/cxf/blob/7169e95c/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
index 4eb8533..630140a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
@@ -177,6 +177,27 @@ public class JPAOAuthDataProviderTest extends Assert {
     }
 
     @Test
+    public void testAddGetDeleteAccessTokenWithNullSubject() {
+        Client c = addClient("102", "bob");
+
+        AccessTokenRegistration atr = new AccessTokenRegistration();
+        atr.setClient(c);
+        atr.setApprovedScope(Collections.singletonList("a"));
+        atr.setSubject(null);
+
+        getProvider().createAccessToken(atr);
+        List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
+        assertNotNull(tokens);
+        assertEquals(1, tokens.size());
+
+        getProvider().removeClient(c.getClientId());
+
+        tokens = getProvider().getAccessTokens(c, null);
+        assertNotNull(tokens);
+        assertEquals(0, tokens.size());
+    }
+
+    @Test
     public void testAddGetDeleteRefreshToken() {
         Client c = addClient("101", "bob");
 


Mime
View raw message