Repository: cxf Updated Branches: refs/heads/3.1.x-fixes e80086821 -> 2e8802825
NPE fix Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/13521bd1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/13521bd1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/13521bd1 Branch: refs/heads/3.1.x-fixes Commit: 13521bd10962d41f16f699f42876874b53a448f3 Parents: e800868 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Nov 13 11:15:30 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Nov 13 13:37:00 2015 +0000 ---------------------------------------------------------------------- .../rs/security/oauth2/services/RedirectionBasedGrantService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/13521bd1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java index 51ea97e..667de92 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java @@ -271,7 +271,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN; } String sessionToken = params.getFirst(sessionTokenParamName); - if (!compareRequestAndSessionTokens(sessionToken, params, userSubject)) { + if (sessionToken == null || !compareRequestAndSessionTokens(sessionToken, params, userSubject)) { throw ExceptionUtils.toBadRequestException(null, null); }