cxf-dev mailing list archives

From emswbandara <...@git.apache.org>
Subject [GitHub] cxf pull request #295: Prevent NPE thrown in getAuthorizationPolicyFromMessa...
Date Thu, 20 Jul 2017 07:20:25 GMT
GitHub user emswbandara opened a pull request:

    https://github.com/apache/cxf/pull/295

    Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with length less than 4

    This PR fixes the following issue.
    In the getAuthorizationPolicyFromMessage() method in the AbstractHTTPDestination class, the
    following line of code returns null when we provide an encoded string with a character length
    less than 4 (invalid base64 data) as the value for basic authorization headers.
    (curl -k -d "grant_type=password&username=Username&password=Password" -H "Authorization : Basic som" http://localhost:8280/token)
    
    byte[] authBytes = Base64Utility.decode(authEncoded) (line 175)
    
    Since this is obtained as null, the following line of code throws the NPE.
    
    String authDecoded = decodeBasicAuthWithIso8859 ? new String(authBytes, StandardCharsets.ISO_8859_1) : new String(authBytes)
               

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/emswbandara/cxf master

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cxf/pull/295.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #295
    
----
commit fc3995d9d4cf44eabea447adbd06e1419a5d6d00
Author: emsw.bandara <emsw.bandara@gmail.com>
Date:   2017-07-20T07:12:25Z

    Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with length less than 4

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
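
The failure described in the message above, as an added example that is not part of the pull request or of CXF's code: a self-contained Basic header parser whose decoder returns null for malformed base64 and which checks for that before building the string. `decodeOrNull`, `parseBasic` and the sample headers are hypothetical and constructed; the strict length check stands in for the null-on-invalid behaviour the report attributes to Base64Utility.decode.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeaderDemo {
    // Hypothetical stand-in: returns null for malformed input, the contract the report describes.
    static byte[] decodeOrNull(String encoded) {
        if (encoded.length() % 4 != 0) {
            return null; // strict: padded base64 only, so "som" is invalid
        }
        try {
            return Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    // Returns {user, password}, or null when the header holds no usable Basic credentials.
    static String[] parseBasic(String header, boolean iso8859) {
        if (header == null) {
            return null;
        }
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !"Basic".equalsIgnoreCase(parts[0])) {
            return null;
        }
        byte[] authBytes = decodeOrNull(parts[1]);
        if (authBytes == null) {
            return null; // without this check, new String(authBytes, ...) throws the NPE
        }
        // Assumption: UTF-8 is fixed here for the non-ISO branch.
        String decoded = new String(authBytes,
            iso8859 ? StandardCharsets.ISO_8859_1 : StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null; // valid base64, but not "user:password"
        }
        return new String[] {decoded.substring(0, colon), decoded.substring(colon + 1)};
    }

    public static void main(String[] args) {
        // Constructed sample headers; "Basic som" is the value from the report.
        String[] samples = {"Basic som", "Basic dXNlcjpwYXNz", "Basic dXNlcg==", "Bearer abc", null};
        for (String h : samples) {
            String[] cred = parseBasic(h, true);
            System.out.println(h + " -> " + (cred == null ? "rejected" : "user=" + cred[0]));
        }
    }
}
```

Returning null for every malformed case lets the caller treat the request as unauthenticated instead of failing with an unhandled exception on attacker-supplied header values.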
