This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 3b57c64 Avoid NPE in ClientCodeRequestFilter if the state is not configured
3b57c64 is described below
commit 3b57c646f07963a79b41bb39dabd875b09ed614a
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Mon Feb 19 16:57:31 2018 +0000
Avoid NPE in ClientCodeRequestFilter if the state is not configured
---
 .../cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index e832b27..e5a9295 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -154,9 +154,9 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
 private void checkSecurityContextEnd(ContainerRequestContext rc, MultivaluedMap<String, String> requestParams) {
- String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
 SecurityContext sc = rc.getSecurityContext();
 if (sc == null || sc.getUserPrincipal() == null) {
+ String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
 if (codeParam == null && requestParams.containsKey(OAuthConstants.ERROR_KEY) && !faultAccessDeniedResponses) {
@@ -235,7 +235,9 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
 ClientAccessToken at = null;
 if (codeParam != null) {
 AuthorizationCodeGrant grant = prepareCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
- grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+ if (state != null) {
+ grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+ }
 at = OAuthClientUtils.getAccessToken(accessTokenServiceClient, consumer, grant, useAuthorizationHeader);
 }
 ClientTokenContext tokenContext = initializeClientTokenContext(rc, at, requestParams, state);
--
To stop receiving notification emails like this one, please contact cohei...@apache.org.
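Review bot: The `if (state != null)` guard in the second hunk lets the token request go out without a code verifier whenever `state` is null, and nothing on the new lines records that the PKCE value was skipped. The same possibly-null `state` is still passed to `initializeClientTokenContext(rc, at, requestParams, state)` in the trailing context; that method's body is outside the hunk, so its null handling should be confirmed. I would add a comment above the guard such as `// state is null when no client state is configured; the grant is then sent without a code_verifier`, plus a test that drives the filter with no state configured. If a code challenge was sent on the authorization request (not visible here), failing early rather than exchanging the code without a verifier would make the misconfiguration visible. The enclosing method starts and ends outside the hunk.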