From cohei...@apache.org
Subject [cxf] branch master updated: Avoid NPE in ClientCodeRequestFilter if the state is not configured
Date Mon, 19 Feb 2018 16:57:54 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 3b57c64  Avoid NPE in ClientCodeRequestFilter if the state is not configured
3b57c64 is described below

commit 3b57c646f07963a79b41bb39dabd875b09ed614a
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Mon Feb 19 16:57:31 2018 +0000

    Avoid NPE in ClientCodeRequestFilter if the state is not configured
---
 .../cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index e832b27..e5a9295 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -154,9 +154,9 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
 
     private void checkSecurityContextEnd(ContainerRequestContext rc,
                                          MultivaluedMap<String, String> requestParams)
{
-        String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
         SecurityContext sc = rc.getSecurityContext();
         if (sc == null || sc.getUserPrincipal() == null) {
+            String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
             if (codeParam == null
                 && requestParams.containsKey(OAuthConstants.ERROR_KEY)
                 && !faultAccessDeniedResponses) {
@@ -235,7 +235,9 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
         ClientAccessToken at = null;
         if (codeParam != null) {
             AuthorizationCodeGrant grant = prepareCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
-            grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+            if (state != null) {
+                grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+            }
             at = OAuthClientUtils.getAccessToken(accessTokenServiceClient, consumer, grant,
useAuthorizationHeader);
         }
         ClientTokenContext tokenContext = initializeClientTokenContext(rc, at, requestParams,
state);
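Review bot: The new `if (state != null)` guard around `grant.setCodeVerifier(...)` makes a missing state a silent path: the authorization code is still exchanged, but with no PKCE verifier and, as far as this hunk shows, nothing that ties the callback to the request that started the flow. If running without stored state is a supported configuration, say so at the guard, e.g. `// state may be null when it is not configured: no code_verifier is sent and the callback is not bound to a prior request`; otherwise rejecting the callback at this point would be the safer default. The same possibly-null `state` is still passed to `initializeClientTokenContext(rc, at, requestParams, state)` right after the `if (codeParam != null)` block, and whether that method tolerates null is not visible in the hunk. The enclosing method starts and ends outside the hunk.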

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.
