You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/20 16:02:20 UTC
[5/5] cxf git commit: Prevent an ArrayIndexOutOfBoundsException on an
empty token
Prevent an ArrayIndexOutOfBoundsException on an empty token
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/59169979
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/59169979
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/59169979
Branch: refs/heads/master
Commit: 591699793f0a995046da04757f7c498b044a7e57
Parents: 343d06d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jan 20 11:58:10 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jan 20 15:00:59 2016 +0000
----------------------------------------------------------------------
.../apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java | 3 +++
1 file changed, 3 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/59169979/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index ae34c58..3963a1f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -87,6 +87,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
// WWW-Authenticate with the list of supported schemes will be sent back
// if the scheme is not accepted
String[] authParts = getAuthorizationParts(m);
+ if (authParts.length < 2) {
+ throw ExceptionUtils.toForbiddenException(null, null);
+ }
String authScheme = authParts[0];
String authSchemeData = authParts[1];