[CXF-7504] NPE in oauth2 module for jose auth code tokens - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.0
Fix Version/s: 3.1.14, 3.2.1
Component/s: None
Labels:
None

Estimated Complexity:
Unknown

Description

org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider#protectStateString calls org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider#getInitializedEncryptionProvider which calls org.apache.cxf.rs.security.jose.jwe.JweUtils#loadEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweHeaders, boolean) with headers == null but in the stack org.apache.cxf.rs.security.jose.jwe.JweUtils#loadKeyEncryptionProvider assumes headers != null which leads to a NPE

Attachments

Activity

People

Assignee:: Sergey Beryozkin

Reporter:: Romain Manni-Bucau

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Sep/17 06:33

Updated:: 28/Nov/17 10:51

Resolved:: 15/Sep/17 15:33