You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2019/05/07 11:38:00 UTC

[jira] [Updated] (CXF-8035) Checking on null values in HTTP Header for protected JWS header

     [ https://issues.apache.org/jira/browse/CXF-8035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-8035:
-------------------------------------
    Fix Version/s: 3.3.2
                   3.2.9

> Checking on null values in HTTP Header for protected JWS header
> ---------------------------------------------------------------
>
>                 Key: CXF-8035
>                 URL: https://issues.apache.org/jira/browse/CXF-8035
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.3.1
>            Reporter: Jan Bernhardt
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.2.9, 3.3.2
>
>
> If a HTTP header is set but without a value, the current implementation causes a Nullpointer exception.
> [https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JoseJaxrsUtils.java]
> Line 79 needs to be changed from 
> {code:java}
> if (headerValues != null) {{code}
> to:
> {code:java}
> if (headerValues != null || headerValues.isEmpty() || headerValues.get(0) != null) {{code}
> In my case the header was set but without any values causing {{headerValues.get(0)}} to return {{null}}. The following code invokes {{.toString()}} on this null value causing the Nullpoiniter.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)