cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Avoiding possible NPEs in the oauth2 providers
Date Thu, 04 May 2017 11:40:30 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 4f0978849 -> 9e48cd67c


Avoiding possible NPEs in the oauth2 providers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9e48cd67
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9e48cd67
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9e48cd67

Branch: refs/heads/3.1.x-fixes
Commit: 9e48cd67cefd0b4311220431f0e1cdc3758cb3d6
Parents: 4f09788
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu May 4 12:38:40 2017 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu May 4 12:40:09 2017 +0100

----------------------------------------------------------------------
 .../rs/security/oauth2/grants/code/AbstractCodeDataProvider.java   | 2 +-
 .../cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9e48cd67/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index c69b7bc..4e9c5f1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -69,7 +69,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
     protected abstract void saveCodeGrant(ServerAuthorizationCodeGrant grant);
     
     public static boolean isCodeMatched(ServerAuthorizationCodeGrant grant, Client c, UserSubject
sub) {
-        if (c == null || grant.getClient().getClientId().equals(c.getClientId())) {
+        if (grant != null && (c == null || grant.getClient().getClientId().equals(c.getClientId())))
{
             UserSubject grantSub = grant.getSubject();
             return sub == null || grantSub != null && grantSub.getLogin().equals(sub.getLogin());
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/9e48cd67/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 1fb2b67..82d182f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -583,7 +583,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
                 && c.getResourceOwnerSubject().getLogin().equals(resourceOwner.getLogin());
     }
     protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject
sub) {
-        if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+        if (token != null && (c == null || token.getClient().getClientId().equals(c.getClientId())))
{
             UserSubject tokenSub = token.getSubject();
             if (sub == null || tokenSub != null && tokenSub.getLogin().equals(sub.getLogin()))
{
                 return true;


Mime
View raw message