Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 3f240045b -> 1c4ffc8ee


NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1da85e32
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1da85e32
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1da85e32

Branch: refs/heads/3.0.x-fixes
Commit: 1da85e324276d380836fb7dcbff2d83526b3946f
Parents: 3f24004
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Fri Nov 13 11:15:30 2015 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Fri Nov 13 13:38:59 2015 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/services/RedirectionBasedGrantService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1da85e32/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index a6260bd..e260bbc 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -229,7 +229,7 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
             sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN;
         }
         String sessionToken = params.getFirst(sessionTokenParamName);
-        if (!compareRequestAndSessionTokens(sessionToken, params, 
userSubject)) {
+        if (sessionToken == null || 
!compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
             throw ExceptionUtils.toBadRequestException(null, null);     
         }
         //TODO: additionally we can check that the Principal that got 
authenticated
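Review bot: The null guard added to the `if` protects only this call site, while `compareRequestAndSessionTokens` itself is defined outside the hunk and presumably still dereferences the token it is given. If that helper can be reached from another caller or a subclass, returning `false` for a null token as its first statement would make the session authenticity check fail closed everywhere rather than only here. A missing token and a mismatched token also both end in `toBadRequestException(null, null)` with no server-side log line, so rejected cross-site requests leave no trace for operators; a debug or warn log before the throw would help. A short comment above the check, such as `// Reject requests that carry no session authenticity token (CSRF protection)`, would record why null is treated as a failure. The enclosing method starts and ends outside this hunk, so this is based only on the lines shown.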
