Repository: knox Updated Branches: refs/heads/master 539557c90 -> 055c9df52
KNOX-602 - protect against NPE in audience validation Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/055c9df5 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/055c9df5 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/055c9df5 Branch: refs/heads/master Commit: 055c9df524e251b852986324141464497c3a402b Parents: 539557c Author: Larry McCay <lmc...@hortonworks.com> Authored: Tue Oct 6 08:41:59 2015 -0400 Committer: Larry McCay <lmc...@hortonworks.com> Committed: Tue Oct 6 08:42:31 2015 -0400 ---------------------------------------------------------------------- .../jwt/filter/SSOCookieFederationFilter.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/055c9df5/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java ----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
index 18a9eea..4a17654 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
@@ -216,12 +216,13 @@ public class SSOCookieFederationFilter implements Filter {
 } else {
 // if any of the configured audiences is found then consider it
 // acceptable
- for (String aud : tokenAudienceList) {
- if (audiences.contains(aud)) {
- //log.debug("JWT token audience has been successfully validated");
- log.jwtAudienceValidated();
- valid = true;
- break;
+ if (tokenAudienceList != null) {
+ for (String aud : tokenAudienceList) {
+ if (audiences.contains(aud)) {
+ log.jwtAudienceValidated();
+ valid = true;
+ break;
+ }
 }
 }
 }
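Review bot: The new `if (tokenAudienceList != null)` guard leaves the outcome for a token with no `aud` claim implicit, because nothing in the hunk sets `valid` on that path. The result therefore depends on how `valid` is initialised above the hunk, which is not visible here. If it starts as `false`, the filter fails closed, which is the right behaviour when expected audiences are configured. That is worth stating above the guard with a comment such as `// no aud claim in the token: valid stays false and the token is rejected`, and pinning with a test that presents a token without an audience. The enclosing method starts and ends outside the hunk.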