Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 721DC200CCB for ; Thu, 20 Jul 2017 09:20:27 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 70ACC16AB25; Thu, 20 Jul 2017 07:20:27 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B7D7816AB20 for ; Thu, 20 Jul 2017 09:20:26 +0200 (CEST) Received: (qmail 96178 invoked by uid 500); 20 Jul 2017 07:20:25 -0000 Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list dev@cxf.apache.org Received: (qmail 96167 invoked by uid 99); 20 Jul 2017 07:20:25 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Jul 2017 07:20:25 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 4CECADFF8A; Thu, 20 Jul 2017 07:20:25 +0000 (UTC) From: emswbandara To: dev@cxf.apache.org Reply-To: dev@cxf.apache.org Message-ID: Subject: [GitHub] cxf pull request #295: Prevent NPE thrown in getAuthorizationPolicyFromMessa... Content-Type: text/plain Date: Thu, 20 Jul 2017 07:20:25 +0000 (UTC) archived-at: Thu, 20 Jul 2017 07:20:27 -0000 GitHub user emswbandara opened a pull request: https://github.com/apache/cxf/pull/295 Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with lenght less than 4 This PR fixes the following issue. In the getAuthorizationPolicyFromMessage() method in AbstractHTTPDestination class, the following line of code returns null when we provide an encoded string with character length less than 4(invalid base64 data) as the value for basic authorization headers.(curl -k -d "grant_type=password&username=Username&password=Password" -H "Authorization : Basic som" http://localhost:8280/token) byte[] authBytes = Base64Utility.decode(authEncoded) (line 175) Since this is obtained as null the following line of code throws the NPE. String authDecoded = decodeBasicAuthWithIso8859 ? new String(authBytes, StandardCharsets.ISO_8859_1) : new String(authBytes) You can merge this pull request into a Git repository by running: $ git pull https://github.com/emswbandara/cxf master Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cxf/pull/295.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #295 ---- commit fc3995d9d4cf44eabea447adbd06e1419a5d6d00 Author: emsw.bandara Date: 2017-07-20T07:12:25Z Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization header values with lenght less than 4 ---- --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. ---