svn commit: r830967 - /cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java

Thu, 29 Oct 2009 07:41:32 -0700 

Author: dkulp
Date: Thu Oct 29 14:41:07 2009
New Revision: 830967

URL: http://svn.apache.org/viewvc?rev=830967&view=rev
Log:
[CXF-1791] Add an extra NPE and AIOOBE guard.

Modified:
    
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java

Modified: 
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java?rev=830967&r1=830966&r2=830967&view=diff
==============================================================================
--- 
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
 (original)
+++ 
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
 Thu Oct 29 14:41:07 2009
@@ -134,23 +134,25 @@
         if (requestHeaders.containsKey("Authorization")) {
             List<String> authorizationLines = 
requestHeaders.get("Authorization"); 
             String credentials = authorizationLines.get(0);
-            String authType = credentials.split(" ")[0];
-            if ("Basic".equals(authType)) {
-                String authEncoded = credentials.split(" ")[1];
-                try {
-                    String authDecoded = new 
String(Base64Utility.decode(authEncoded));
-                    String authInfo[] = authDecoded.split(":");
-                    String username = (authInfo.length > 0) ? authInfo[0] : "";
-                    // Below line for systems that blank out password after 
authentication;
-                    // see CXF-1495 for more info
-                    String password = (authInfo.length > 1) ? authInfo[1] : "";
-                    AuthorizationPolicy policy = new AuthorizationPolicy();
-                    policy.setUserName(username);
-                    policy.setPassword(password);
-                    
-                    message.put(AuthorizationPolicy.class, policy);
-                } catch (Base64Exception ex) {
-                    //ignore, we'll leave things alone.  They can try decoding 
it themselves
+            if (credentials != null && 
!StringUtils.isEmpty(credentials.trim())) {
+                String authType = credentials.split(" ")[0];
+                if ("Basic".equals(authType)) {
+                    String authEncoded = credentials.split(" ")[1];
+                    try {
+                        String authDecoded = new 
String(Base64Utility.decode(authEncoded));
+                        String authInfo[] = authDecoded.split(":");
+                        String username = (authInfo.length > 0) ? authInfo[0] 
: "";
+                        // Below line for systems that blank out password 
after authentication;
+                        // see CXF-1495 for more info
+                        String password = (authInfo.length > 1) ? authInfo[1] 
: "";
+                        AuthorizationPolicy policy = new AuthorizationPolicy();
+                        policy.setUserName(username);
+                        policy.setPassword(password);
+                        
+                        message.put(AuthorizationPolicy.class, policy);
+                    } catch (Base64Exception ex) {
+                        //ignore, we'll leave things alone.  They can try 
decoding it themselves
+                    }
                 }
             }
         }

Reply via email to