knox git commit: KNOX-602 - protect against NPE in audience validation

Tue, 06 Oct 2015 05:43:18 -0700 

Repository: knox
Updated Branches:
  refs/heads/master 539557c90 -> 055c9df52


KNOX-602 - protect against NPE in audience validation


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/055c9df5
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/055c9df5
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/055c9df5

Branch: refs/heads/master
Commit: 055c9df524e251b852986324141464497c3a402b
Parents: 539557c
Author: Larry McCay <lmc...@hortonworks.com>
Authored: Tue Oct 6 08:41:59 2015 -0400
Committer: Larry McCay <lmc...@hortonworks.com>
Committed: Tue Oct 6 08:42:31 2015 -0400

----------------------------------------------------------------------
 .../jwt/filter/SSOCookieFederationFilter.java          | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/055c9df5/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
----------------------------------------------------------------------
diff --git 
a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
 
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
index 18a9eea..4a17654 100644
--- 
a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
+++ 
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
@@ -216,12 +216,13 @@ public class SSOCookieFederationFilter implements Filter {
     } else {
       // if any of the configured audiences is found then consider it
       // acceptable
-      for (String aud : tokenAudienceList) {
-        if (audiences.contains(aud)) {
-          //log.debug("JWT token audience has been successfully validated");
-          log.jwtAudienceValidated();
-          valid = true;
-          break;
+      if (tokenAudienceList != null) {
+        for (String aud : tokenAudienceList) {
+          if (audiences.contains(aud)) {
+            log.jwtAudienceValidated();
+            valid = true;
+            break;
+          }
         }
       }
     }

Reply via email to