Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 3f240045b -> 1c4ffc8ee
NPE fix Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1da85e32 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1da85e32 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1da85e32 Branch: refs/heads/3.0.x-fixes Commit: 1da85e324276d380836fb7dcbff2d83526b3946f Parents: 3f24004 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Nov 13 11:15:30 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Nov 13 13:38:59 2015 +0000 ---------------------------------------------------------------------- .../rs/security/oauth2/services/RedirectionBasedGrantService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/1da85e32/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index a6260bd..e260bbc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -229,7 +229,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN;
 }
 String sessionToken = params.getFirst(sessionTokenParamName);
- if (!compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
+ if (sessionToken == null || !compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
 throw ExceptionUtils.toBadRequestException(null, null);
 }
 //TODO: additionally we can check that the Principal that got authenticated
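Review bot: The added `sessionToken == null ||` guard handles a missing authenticity token only at this call site; `compareRequestAndSessionTokens` is outside the hunk and presumably still dereferences its first argument, so the null check would be safer inside that helper, where it fails closed for every caller. The short-circuit also means a token-less request no longer reaches the helper, so if the helper is what invalidates the stored session token (not visible here), that token survives the rejected request; worth confirming that this is intended. An empty parameter value still passes the guard and is left to the helper, so consider `if (sessionToken == null || sessionToken.isEmpty() || !compareRequestAndSessionTokens(sessionToken, params, userSubject)) {` with a comment such as `// a missing or empty token is a failed CSRF check, not a server error` above it. The enclosing method starts and ends outside the hunk.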