cxf-issues mailing list archives

From "Karl von Randow (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-6561) ResourceOwnerGrantHandler: ResourceOwnerLoginHandler can't return null or throw exception
Date Wed, 26 Aug 2015 23:39:45 GMT
Karl von Randow created CXF-6561:
------------------------------------

             Summary: ResourceOwnerGrantHandler: ResourceOwnerLoginHandler can't return null or throw exception
                 Key: CXF-6561
                 URL: https://issues.apache.org/jira/browse/CXF-6561
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS Security
    Affects Versions: 3.1.2
            Reporter: Karl von Randow


ResourceOwnerGrantHandler calls a customisable ResourceOwnerLoginHandler instance; however,
the `createSubject(String, String)` method declares no exceptions, and a null return value
is not handled. This can possibly result in the issuing of an access token if the DataProvider
doesn't check for the null subject.

ResourceOwnerGrantHandler.createAccessToken(...) appears to expect that the ResourceOwnerLoginHandler
will throw an `Exception` (literally any Exception); however, the method signature of the ResourceOwnerLoginHandler
interface doesn't allow that.

I will submit a pull request with a suggested fix.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
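
One way to handle both failure modes described in the report, as an added sketch that is not CXF code and not the reporter's patch. `Subject`, `LoginHandler`, `GrantRejected`, `authenticate` and `outcome` are hypothetical stand-ins for the pattern; `invalid_grant` is the RFC 6749 error code for rejected resource-owner credentials.

```java
public class PasswordGrantDemo {
    // Stand-in types for this sketch; they are not the CXF classes.
    static final class Subject {
        final String login;
        Subject(String login) { this.login = login; }
    }

    interface LoginHandler {
        // As in the report: no checked exceptions are declared, so a failed
        // login can only surface as null or as an unchecked exception.
        Subject createSubject(String name, String password);
    }

    static final class GrantRejected extends RuntimeException {
        GrantRejected(String oauthError, Throwable cause) { super(oauthError, cause); }
    }

    // Fail closed: either failure mode becomes a rejection before any
    // token-issuing code can see the subject.
    static Subject authenticate(LoginHandler handler, String name, String password) {
        Subject subject;
        try {
            subject = handler.createSubject(name, password);
        } catch (RuntimeException ex) {
            throw new GrantRejected("invalid_grant", ex);
        }
        if (subject == null) {
            throw new GrantRejected("invalid_grant", null);
        }
        return subject;
    }

    static String outcome(LoginHandler handler) {
        try {
            return "token may be issued for " + authenticate(handler, "alice", "pw").login;
        } catch (GrantRejected ex) {
            return "rejected: " + ex.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed handlers covering the three behaviours.
        LoginHandler accepts = (n, p) -> new Subject(n);
        LoginHandler returnsNull = (n, p) -> null;
        LoginHandler throwsUnchecked = (n, p) -> { throw new IllegalStateException("login failed"); };
        System.out.println(outcome(accepts));
        System.out.println(outcome(returnsNull));
        System.out.println(outcome(throwsUnchecked));
    }
}
```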
