cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Avoiding possible NPEs in the oauth2 providers
Date Thu, 04 May 2017 11:38:55 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 19121e3da -> 10ebf9ccf


Avoiding possible NPEs in the oauth2 providers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/10ebf9cc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/10ebf9cc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/10ebf9cc

Branch: refs/heads/master
Commit: 10ebf9ccfd29ad5888e639b4d4f558cc59bbdc60
Parents: 19121e3
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu May 4 12:38:40 2017 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu May 4 12:38:40 2017 +0100

----------------------------------------------------------------------
 .../rs/security/oauth2/grants/code/AbstractCodeDataProvider.java   | 2 +-
 .../cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/10ebf9cc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index b165886..8787a8b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -69,7 +69,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
     protected abstract void saveCodeGrant(ServerAuthorizationCodeGrant grant);
 
     public static boolean isCodeMatched(ServerAuthorizationCodeGrant grant, Client c, UserSubject
sub) {
-        if (c == null || grant.getClient().getClientId().equals(c.getClientId())) {
+        if (grant != null && (c == null || grant.getClient().getClientId().equals(c.getClientId())))
{
             UserSubject grantSub = grant.getSubject();
             return sub == null || grantSub != null && grantSub.getLogin().equals(sub.getLogin());
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/10ebf9cc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 14e596d..cc1b623 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -579,7 +579,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
                 && c.getResourceOwnerSubject().getLogin().equals(resourceOwner.getLogin());
     }
     protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject
sub) {
-        if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+        if (token != null && (c == null || token.getClient().getClientId().equals(c.getClientId())))
{
             UserSubject tokenSub = token.getSubject();
             if (sub == null || tokenSub != null && tokenSub.getLogin().equals(sub.getLogin()))
{
                 return true;


Mime
View raw message