You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/13 14:38:23 UTC

[1/2] cxf git commit: NPE fix

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes e80086821 -> 2e8802825


NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/13521bd1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/13521bd1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/13521bd1

Branch: refs/heads/3.1.x-fixes
Commit: 13521bd10962d41f16f699f42876874b53a448f3
Parents: e800868
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Nov 13 11:15:30 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Nov 13 13:37:00 2015 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/services/RedirectionBasedGrantService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/13521bd1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 51ea97e..667de92 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -271,7 +271,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
             sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN;
         }
         String sessionToken = params.getFirst(sessionTokenParamName);
-        if (!compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
+        if (sessionToken == null || !compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
             throw ExceptionUtils.toBadRequestException(null, null);     
         }

[2/2] cxf git commit: Use client id instead of principal name if it's available

Posted by co...@apache.org.

Use client id instead of principal name if it's available


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2e880282
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2e880282
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2e880282

Branch: refs/heads/3.1.x-fixes
Commit: 2e88028254a89e6ecea2bf607b50f60d66aaeaae
Parents: 13521bd
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Nov 13 12:25:57 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Nov 13 13:37:01 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/services/AbstractTokenService.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2e880282/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
index 29eadcb..61e3165 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
@@ -65,12 +65,12 @@ public class AbstractTokenService extends AbstractOAuthService {
                 client = getAndValidateClientFromIdAndSecret(clientId,
                                               params.getFirst(OAuthConstants.CLIENT_SECRET));
             }
-        } else if (principal.getName() != null) {
-            client = getClient(principal.getName());
         } else {
             String clientId = retrieveClientId(params);
             if (clientId != null) {
                 client = getClient(clientId);
+            } else if (principal.getName() != null) {
+                client = getClient(principal.getName());
             } 
         }
         if (client == null) {