[jira] [Created] (CXF-8035) Checking on null values in HTTP Header for protected JWS header

Jan Bernhardt (JIRA) Mon, 06 May 2019 05:53:06 -0700

Jan Bernhardt created CXF-8035:
----------------------------------

             Summary: Checking on null values in HTTP Header for protected JWS 
header
                 Key: CXF-8035
                 URL: https://issues.apache.org/jira/browse/CXF-8035
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS Security
    Affects Versions: 3.3.1
            Reporter: Jan Bernhardt
            Assignee: Colm O hEigeartaigh



If a HTTP header is set but without a value, the current implementation causes 
a Nullpointer exception.

[https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JoseJaxrsUtils.java]

Line 79 needs to be changed from 
{code:java}
if (headerValues != null) {{code}
to:
{code:java}
if (headerValues != null || headerValues.isEmpty() || headerValues.get(0) != 
null) {{code}
In my case the header was set but without any values causing 
{{headerValues.get(0)}} to return {{null}}. The following code invokes 
{{.toString()}} on this null value causing the Nullpoiniter.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (CXF-8035) Checking on null values in HTTP Header for protected JWS header

Reply via email to