Posted to commits@cxf.apache.org by ff...@apache.org on 2022/01/18 16:48:28 UTC
[cxf] branch 3.5.x-fixes updated: CXF-8641 NPE on NamePasswordCallbackHandler
This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.5.x-fixes by this push:
new 299a294 CXF-8641 NPE on NamePasswordCallbackHandler
299a294 is described below
commit 299a294adbeb413f76edc0686c00df0096f00085
Author: Jan Filipski <Ja...@warta.pl>
AuthorDate: Tue Jan 18 11:24:32 2022 +0100
CXF-8641
NPE on NamePasswordCallbackHandler
(cherry picked from commit b4f45e7ece7d5f6bdda6df6284decbccc00817af)
---
.../security/NameDigestPasswordCallbackHandler.java | 2 +-
.../cxf/interceptor/security/NamePasswordCallbackHandler.java | 4 ++--
.../interceptor/security/NamePasswordCallbackHandlerTest.java | 11 +++++++++++
.../servlet/servicelist/ServiceListJAASAuthenticator.java | 5 +++--
4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/NameDigestPasswordCallbackHandler.java b/core/src/main/java/org/apache/cxf/interceptor/security/NameDigestPasswordCallbackHandler.java
index a8e242d..97e0563 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/NameDigestPasswordCallbackHandler.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/NameDigestPasswordCallbackHandler.java
@@ -72,7 +72,7 @@ public class NameDigestPasswordCallbackHandler implements CallbackHandler {
((NameCallback) callback).setName(username);
} else if (callback instanceof PasswordCallback) {
PasswordCallback pwCallback = (PasswordCallback) callback;
- pwCallback.setPassword(password.toCharArray());
+ pwCallback.setPassword(password == null ? null : password.toCharArray());
} else if (!invokePasswordCallback(callback)) {
org.apache.cxf.common.i18n.Message errorMsg =
new org.apache.cxf.common.i18n.Message("UNSUPPORTED_CALLBACK_TYPE",
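Review bot: A missing password is now forwarded to the JAAS LoginModule as `null` on the `setPassword` line, so whether the login fails closed depends entirely on the configured module, which this diff does not show. The same change is made in NamePasswordCallbackHandler (hunk at line 64) and in ServiceListJAASAuthenticator (hunk at line 72), where the credentials presumably originate from an HTTP request. I would state the contract next to the call, for example `// A null password is passed through unchanged; the LoginModule must treat it as a failed login.`, and mention it in the class Javadoc so integrators with custom modules know to null-check `getPassword()`. The enclosing `handle` method starts and ends outside the hunk.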
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java b/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java
index a5c7e81..c66bc72 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandler.java
@@ -64,7 +64,7 @@ public class NamePasswordCallbackHandler implements CallbackHandler {
((NameCallback) callback).setName(username);
} else if (callback instanceof PasswordCallback) {
PasswordCallback pwCallback = (PasswordCallback) callback;
- pwCallback.setPassword(password.toCharArray());
+ pwCallback.setPassword(password == null ? null : password.toCharArray());
} else if (!invokePasswordCallback(callback)) {
org.apache.cxf.common.i18n.Message errorMsg =
new org.apache.cxf.common.i18n.Message("UNSUPPORTED_CALLBACK_TYPE",
@@ -83,7 +83,7 @@ public class NamePasswordCallbackHandler implements CallbackHandler {
/*
* This method is called from the handle(Callback[]) method when the specified callback
* did not match any of the known callback classes. It looks for the callback method
- * having the specified method name with one of the suppported parameter types.
+ * having the specified method name with one of the supported parameter types.
* If found, it invokes the callback method on the object and returns true.
* If not, it returns false.
*/
diff --git a/core/src/test/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandlerTest.java b/core/src/test/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandlerTest.java
index ab21a15..047cab4 100755
--- a/core/src/test/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandlerTest.java
+++ b/core/src/test/java/org/apache/cxf/interceptor/security/NamePasswordCallbackHandlerTest.java
@@ -26,6 +26,7 @@ import javax.security.auth.callback.PasswordCallback;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
/**
@@ -75,6 +76,16 @@ public class NamePasswordCallbackHandlerTest {
assertEquals("dog", new String(((CharArrayCallback)callbacks[1]).getValue()));
}
+ @Test
+ public void testHandleCallbackNullPassword() throws Exception {
+ NamePasswordCallbackHandler handler = new NamePasswordCallbackHandler("Barry", null);
+ Callback[] callbacks =
+ new Callback[]{new NameCallback("name"), new PasswordCallback("password", false)};
+ handler.handle(callbacks);
+ assertEquals("Barry", ((NameCallback)callbacks[0]).getName());
+ assertNull(((PasswordCallback)callbacks[1]).getPassword());
+ }
+
static class ObjectCallback implements Callback {
private Object obj;
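Review bot: `testHandleCallbackNullPassword` exercises only NamePasswordCallbackHandler, while the same null guard was added to NameDigestPasswordCallbackHandler and to the anonymous handler in ServiceListJAASAuthenticator with no test in this commit. An equivalent case for the digest handler that asserts `getPassword()` is null after `handle` would keep the three copies from drifting apart. It would also help to cover the authenticator end to end, checking that a request with no password is refused rather than only that no NullPointerException is thrown. The test class continues outside the hunk.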
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
index 8562cd3..151fd3a 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
@@ -72,12 +72,13 @@ public class ServiceListJAASAuthenticator {
try {
Subject subject = new Subject();
LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback)callbacks[i]).setName(username);
} else if (callbacks[i] instanceof PasswordCallback) {
- ((PasswordCallback)callbacks[i]).setPassword(password.toCharArray());
+ ((PasswordCallback)callbacks[i]).setPassword(
+ password == null ? null : password.toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
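Review bot: The anonymous `handle` implementation is declared without `@Override`; since its `throws` clause is being narrowed in this hunk, adding the annotation would make the compiler confirm it still implements `CallbackHandler.handle`. If this method was the only use of `IOException` in the file, which the hunk does not show, the import is now unused and should be dropped. The surrounding `try` block and method continue outside the hunk.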