[
https://issues.apache.org/jira/browse/CXF-6153?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin resolved CXF-6153.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.7.15
3.0.4
3.1.0
Assignee: Sergey Beryozkin
> OAuthRequestFilter throws NullPointerException when "Authorization" header is
> missing
> -------------------------------------------------------------------------------------
>
> Key: CXF-6153
> URL: https://issues.apache.org/jira/browse/CXF-6153
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.0.2
> Reporter: Michal Sabo
> Assignee: Sergey Beryozkin
> Fix For: 3.1.0, 3.0.4, 2.7.15
>
>
> OAuthRequestFilter, when validating a request, is calling the
> AuthorizationUtils.getAuthorizationParts method to get the actual
> authorization for current request. A List of headers with name
> "Authorization" is requested and since HttpHeadersImpl do not longer returns
> empty list but null, a NullPointerException is thrown.
> Part of the exception:
> java.lang.NullPointerException
> at
> org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:76)
> at
> org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:69)
> at
> org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.getAuthorizationParts(OAuthRequestFilter.java:227)
> at
> org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.validateRequest(OAuthRequestFilter.java:83)
> at
> org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.filter(OAuthRequestFilter.java:72)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
