Karl von Randow created CXF-6561:
------------------------------------
Summary: ResourceOwnerGrantHandler: ResourceOwnerLoginHandler can't return null or throw exception
Key: CXF-6561
URL: https://issues.apache.org/jira/browse/CXF-6561
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.1.2
Reporter: Karl von Randow

ResourceOwnerGrantHandler calls a customisable ResourceOwnerLoginHandler
instance, however the `createSubject(String, String)` method declares no
exceptions, and a null return value is not handled. This can possibly result in
the issuing of an access token if the DataProvider doesn't check for the null
subject.

ResourceOwnerGrantHandler.createAccessToken(...) appears to expect that the
ResourceOwnerLoginHandler will throw an `Exception` (literally any Exception),
however the method signature of the ResourceOwnerLoginHandler interface doesn't
allow that.

I will submit a pull request with a suggested fix.
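The fail-open path described in this report, shown as an added example that is not part of the original issue and is not CXF code. All types here (`UserSubject`, `LoginHandler`, `GrantRejected`, the `issue*` methods and the sample user) are simplified, hypothetical stand-ins; the guard shown is one way to fail closed, not necessarily the fix submitted for CXF-6561.

```java
import java.util.Map;
// Simplified stand-ins for illustration; these are NOT the CXF classes.
public class NullSubjectDemo {
    record UserSubject(String login) {}

    // Same shape as the issue describes: no checked exceptions declared.
    interface LoginHandler {
        UserSubject createSubject(String name, String password);
    }
    static class GrantRejected extends RuntimeException { GrantRejected(String m) { super(m); } }

    // Constructed sample credential store.
    static final Map<String, String> USERS = Map.of("alice", "correct-horse");

    // A custom handler that signals a failed login by returning null.
    static final LoginHandler NULL_ON_FAILURE = (name, password) ->
        name != null && password != null && password.equals(USERS.get(name))
            ? new UserSubject(name) : null;

    // Fail-open: stands in for a grant handler plus a data provider that
    // never checks the subject, so a token is built even when it is null.
    static String issueUnchecked(LoginHandler h, String name, String password) {
        UserSubject subject = h.createSubject(name, password);
        return "token(subject=" + subject + ")";
    }

    // Fail-closed: a null subject or any unchecked exception rejects the grant.
    static String issueChecked(LoginHandler h, String name, String password) {
        UserSubject subject;
        try {
            subject = h.createSubject(name, password);
        } catch (RuntimeException e) {
            throw new GrantRejected("invalid_grant");
        }
        if (subject == null) {
            throw new GrantRejected("invalid_grant");
        }
        return "token(subject=" + subject + ")";
    }

    public static void main(String[] args) {
        System.out.println(issueUnchecked(NULL_ON_FAILURE, "alice", "wrong"));
        try {
            issueChecked(NULL_ON_FAILURE, "alice", "wrong");
        } catch (GrantRejected e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(issueChecked(NULL_ON_FAILURE, "alice", "correct-horse"));
    }
}
```

Requires Java 16 or later for the `record` declaration.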