[jira] [Created] (CXF-7504) NPE in oauth2 module for jose auth code tokens

Romain Manni-Bucau (JIRA) Thu, 14 Sep 2017 23:34:34 -0700

Romain Manni-Bucau created CXF-7504:
---------------------------------------


             Summary: NPE in oauth2 module for jose auth code tokens
                 Key: CXF-7504
                 URL: https://issues.apache.org/jira/browse/CXF-7504
             Project: CXF
          Issue Type: Bug
    Affects Versions: 3.2.0
            Reporter: Romain Manni-Bucau


org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider#protectStateString
 calls 
org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider#getInitializedEncryptionProvider
 which calls 
org.apache.cxf.rs.security.jose.jwe.JweUtils#loadEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweHeaders,
 boolean) with headers == null but in the stack 
org.apache.cxf.rs.security.jose.jwe.JweUtils#loadKeyEncryptionProvider assumes 
headers != null which leads to a NPE



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (CXF-7504) NPE in oauth2 module for jose auth code tokens

Reply via email to