[
https://issues.apache.org/jira/browse/CXF-6153?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michal Sabo updated CXF-6153:
-----------------------------
Description:
OAuthRequestFilter, when validating a request, is calling the
AuthorizationUtils.getAuthorizationParts method to get the actual authorization
for current request. A List of headers with name "Authorization" is requested
and since HttpHeadersImpl do not longer returns empty list but null, a
NullPointerException is thrown.
Part of the exception:
java.lang.NullPointerException
at
org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:76)
at
org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:69)
at
org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.getAuthorizationParts(OAuthRequestFilter.java:227)
at
org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.validateRequest(OAuthRequestFilter.java:83)
at
org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.filter(OAuthRequestFilter.java:72)
was:
OAuthRequestFilter when validating request is calling method
AuthorizationUtils.getAuthorizationParts to get the actual authorization for
current request.
A List of headers with name "Authorization" is requested and since
HttpHeadersImpl do not longer returns empty list but null, a
NullPointerException is thrown.
Part of the exception:
java.lang.NullPointerException
at
org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:76)
at
org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:69)
at
org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.getAuthorizationParts(OAuthRequestFilter.java:227)
at
org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.validateRequest(OAuthRequestFilter.java:83)
at
org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.filter(OAuthRequestFilter.java:72)
> OAuthRequestFilter throws NullPointerException when "Authorization" header is
> missing
> -------------------------------------------------------------------------------------
>
> Key: CXF-6153
> URL: https://issues.apache.org/jira/browse/CXF-6153
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.0.2
> Reporter: Michal Sabo
>
> OAuthRequestFilter, when validating a request, is calling the
> AuthorizationUtils.getAuthorizationParts method to get the actual
> authorization for current request. A List of headers with name
> "Authorization" is requested and since HttpHeadersImpl do not longer returns
> empty list but null, a NullPointerException is thrown.
> Part of the exception:
> java.lang.NullPointerException
> at
> org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:76)
> at
> org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:69)
> at
> org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.getAuthorizationParts(OAuthRequestFilter.java:227)
> at
> org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.validateRequest(OAuthRequestFilter.java:83)
> at
> org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.filter(OAuthRequestFilter.java:72)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
