cxf-commits mailing list archives

From cohei...@apache.org
Subject [cxf] 01/02: Avoid NPE in ClientCodeRequestFilter if the state is not configured
Date Tue, 20 Feb 2018 10:19:00 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 938195c89b5ca91a7a869b6d1f2c3360e03f42cd
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Mon Feb 19 16:57:31 2018 +0000

    Avoid NPE in ClientCodeRequestFilter if the state is not configured
    
    (cherry picked from commit 3b57c646f07963a79b41bb39dabd875b09ed614a)
    
    # Conflicts:
    #	rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
---
 .../cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java    | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 1d282ed..c0e8254 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -155,10 +155,10 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
     
     private void checkSecurityContextEnd(ContainerRequestContext rc,
                                          MultivaluedMap<String, String> requestParams)
{
-        String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
         SecurityContext sc = rc.getSecurityContext();
         if (sc == null || sc.getUserPrincipal() == null) {
-            if (codeParam == null 
+            String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
+            if (codeParam == null
                 && requestParams.containsKey(OAuthConstants.ERROR_KEY)
                 && !faultAccessDeniedResponses) {
                 if (!applicationCanHandleAccessDenied) {
@@ -236,7 +236,9 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
         ClientAccessToken at = null;
         if (codeParam != null) {
             AuthorizationCodeGrant grant = prepareCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
-            grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+            if (state != null) {
+                grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+            }
             at = OAuthClientUtils.getAccessToken(accessTokenServiceClient, consumer, grant,
useAuthorizationHeader);
         }
         ClientTokenContext tokenContext = initializeClientTokenContext(rc, at, requestParams,
state);
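Review bot: The new `if (state != null)` guard around `grant.setCodeVerifier(...)` stops the NPE, but the authorization code is then exchanged with no PKCE code verifier, and nothing in the code says this is intended. Going by the commit subject, a null `state` means no state handling is configured; in that case the callback is presumably not bound to any stored state value either, so it is worth a comment above the guard such as `// state is null when no state manager is configured: no code_verifier is sent and the callback is not tied to a saved state`. A debug-level log on that path would also help operators spot a deployment that meant to use PKCE but lost its state. The same nullable `state` is still passed unguarded to `initializeClientTokenContext(rc, at, requestParams, state)` at the end of the hunk; that method is not visible here, so its null handling should be confirmed. The enclosing method starts and ends outside the hunk.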

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.
