This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 3b57c64  Avoid NPE in ClientCodeRequestFilter if the state is not 
configured
3b57c64 is described below

commit 3b57c646f07963a79b41bb39dabd875b09ed614a
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Mon Feb 19 16:57:31 2018 +0000

    Avoid NPE in ClientCodeRequestFilter if the state is not configured
---
 .../cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index e832b27..e5a9295 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -154,9 +154,9 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 
     private void checkSecurityContextEnd(ContainerRequestContext rc,
                                          MultivaluedMap<String, String> 
requestParams) {
-        String codeParam = 
requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
         SecurityContext sc = rc.getSecurityContext();
         if (sc == null || sc.getUserPrincipal() == null) {
+            String codeParam = 
requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
             if (codeParam == null
                 && requestParams.containsKey(OAuthConstants.ERROR_KEY)
                 && !faultAccessDeniedResponses) {
@@ -235,7 +235,9 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
         ClientAccessToken at = null;
         if (codeParam != null) {
             AuthorizationCodeGrant grant = prepareCodeGrant(codeParam, 
getAbsoluteRedirectUri(ui));
-            
grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+            if (state != null) {
+                
grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+            }
             at = OAuthClientUtils.getAccessToken(accessTokenServiceClient, 
consumer, grant, useAuthorizationHeader);
         }
         ClientTokenContext tokenContext = initializeClientTokenContext(rc, at, 
requestParams, state);
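Review bot: With `state == null`, the new guard in the `codeParam != null` branch skips `grant.setCodeVerifier(...)` but still calls `OAuthClientUtils.getAccessToken(...)`, so the code is exchanged without a PKCE verifier and nothing records that it was omitted. If the authorization request carried a code challenge, the result is either a rejected token request or, on a server that does not enforce the verifier, a silent loss of the PKCE check. An `else` branch that logs the case, or at least a comment such as `// no stored state: the grant is sent without a code_verifier`, would make the behaviour explicit. The same null `state` is then passed to `initializeClientTokenContext(rc, at, requestParams, state)`, and whether that method tolerates null cannot be seen from here. Whether the callback's state value is validated earlier is also not visible, since the enclosing method starts and ends outside the hunk.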

-- 