Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8035

Checking on null values in HTTP Header for protected JWS header

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.3.1
    • 3.2.9, 3.3.2
    • JAX-RS Security
    • None
    • Unknown

    Description

      If a HTTP header is set but without a value, the current implementation causes a Nullpointer exception.

      https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JoseJaxrsUtils.java

      Line 79 needs to be changed fromĀ 

      if (headerValues != null) {

      to:

      if (headerValues != null || headerValues.isEmpty() || headerValues.get(0) != null) {

      In my case the header was set but without any values causing headerValues.get(0) to return null. The following code invokes .toString() on this null value causing the Nullpoiniter.

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            jan4talend Jan Bernhardt
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: