[CXF-6153] OAuthRequestFilter throws NullPointerException when "Authorization" header is missing - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.2
Fix Version/s: 3.0.4, 2.7.15, 3.1
Component/s: JAX-RS Security
Labels:
None

Estimated Complexity:
Novice

Description

OAuthRequestFilter, when validating a request, is calling the AuthorizationUtils.getAuthorizationParts method to get the actual authorization for current request. A List of headers with name "Authorization" is requested and since HttpHeadersImpl do not longer returns empty list but null, a NullPointerException is thrown.

Part of the exception:
java.lang.NullPointerException
at org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:76)
at org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.getAuthorizationParts(AuthorizationUtils.java:69)
at org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.getAuthorizationParts(OAuthRequestFilter.java:227)
at org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.validateRequest(OAuthRequestFilter.java:83)
at org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.filter(OAuthRequestFilter.java:72)

Attachments

Issue Links

is duplicated by

CXF-6248 NPE at OAuthRequestFilter when no Authorization header found

Closed

Activity

People

Assignee:: Sergey Beryozkin

Reporter:: Michal Sabo

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Dec/14 15:06

Updated:: 16/Feb/15 16:08

Resolved:: 12/Dec/14 17:11