Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-6153

OAuthRequestFilter throws NullPointerException when "Authorization" header is missing

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.2
    • Fix Version/s: 3.0.4, 2.7.15, 3.1
    • Component/s: JAX-RS Security
    • Labels:
      None
    • Estimated Complexity:
      Novice

      Description

      OAuthRequestFilter, when validating a request, is calling the AuthorizationUtils.getAuthorizationParts method to get the actual authorization for current request. A List of headers with name "Authorization" is requested and since HttpHeadersImpl do not longer returns empty list but null, a NullPointerException is thrown.

      Part of the exception:
      java.lang.NullPointerException
      at org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:76)
      at org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:69)
      at org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.getAuthorizationParts(OAuthRequestFilter.java:227)
      at org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.validateRequest(OAuthRequestFilter.java:83)
      at org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.filter(OAuthRequestFilter.java:72)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sergey_beryozkin Sergey Beryozkin
                Reporter:
                sabomichal Michal Sabo
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: