[
https://issues.apache.org/jira/browse/CXF-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14716995#comment-14716995
]
ASF GitHub Bot commented on CXF-6561:
-------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/cxf/pull/83
> ResourceOwnerGrantHandler: ResourceOwnerLoginHandler can't return null or
> throw exception
> -----------------------------------------------------------------------------------------
>
> Key: CXF-6561
> URL: https://issues.apache.org/jira/browse/CXF-6561
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.1.2
> Reporter: Karl von Randow
>
> ResourceOwnerGrantHandler calls a customisable ResourceOwnerLoginHandler
> instance, however the `createSubject(String, String)` method declares no
> exceptions, and a null return value is not handled. This can possibly result
> in the issuing of an access token if the DataProvider doesn't check for the
> null subject.
> ResourceOwnerGrantHandler.createAccessToken(...) appears to expect that the
> ResourceOwnerLoginHandler will throw an `Exception` (literally any
> Exception), however the method signature of the ResourceOwnerLoginHandler
> interface doesn't allow that.
> I will submit a pull request with a suggested fix.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
