Posted to commits@cxf.apache.org by se...@apache.org on 2017/03/09 17:41:57 UTC
cxf git commit: CXF-7264: NPE on OAuth RO/CC flows using JPA
Repository: cxf
Updated Branches:
refs/heads/master cd782fef1 -> 9e6b5d97c
CXF-7264: NPE on OAuth RO/CC flows using JPA
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9e6b5d97
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9e6b5d97
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9e6b5d97
Branch: refs/heads/master
Commit: 9e6b5d97cf2180a4f5694ba84866d0fe878f0479
Parents: cd782fe
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Thu Mar 9 17:40:36 2017 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Thu Mar 9 17:40:36 2017 +0000
----------------------------------------------------------------------
.../oauth2/provider/JPAOAuthDataProvider.java | 14 +++++++------
.../provider/JPAOAuthDataProviderTest.java | 21 ++++++++++++++++++++
2 files changed, 29 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/9e6b5d97/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
index ce49673..859e2b1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
@@ -263,12 +263,14 @@ public class JPAOAuthDataProvider extends AbstractOAuthDataProvider {
}
serverToken.setScopes(perms);
- UserSubject sub = em.find(UserSubject.class, serverToken.getSubject().getLogin());
- if (sub == null) {
- em.persist(serverToken.getSubject());
- } else {
- sub = em.merge(serverToken.getSubject());
- serverToken.setSubject(sub);
+ if (serverToken.getSubject() != null) {
+ UserSubject sub = em.find(UserSubject.class, serverToken.getSubject().getLogin());
+ if (sub == null) {
+ em.persist(serverToken.getSubject());
+ } else {
+ sub = serverToken.getSubject();
+ serverToken.setSubject(sub);
+ }
}
// ensure we have a managed association
// (needed for OpenJPA : InvalidStateException: Encountered unmanaged object)
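Review bot: The `else` branch inside the new null guard no longer attaches the subject to the persistence context: `sub = serverToken.getSubject(); serverToken.setSubject(sub);` assigns the token's own subject back to itself, where the removed code called `em.merge(...)`. When `em.find` returns an existing `UserSubject`, the token keeps the caller-supplied instance, which is presumably detached; the OpenJPA comment just below suggests an unmanaged association can fail at persist time. If dropping the merge was not intended, restore `sub = em.merge(serverToken.getSubject());`; if it was, delete the two no-op lines and explain why in a comment. The test added in this commit sets the subject to null, so it does not exercise this branch, and the enclosing method starts and ends outside the hunk.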
http://git-wip-us.apache.org/repos/asf/cxf/blob/9e6b5d97/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
index e42f2b9..25da9e2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
@@ -177,6 +177,27 @@ public class JPAOAuthDataProviderTest extends Assert {
}
@Test
+ public void testAddGetDeleteAccessTokenWithNullSubject() {
+ Client c = addClient("102", "bob");
+
+ AccessTokenRegistration atr = new AccessTokenRegistration();
+ atr.setClient(c);
+ atr.setApprovedScope(Collections.singletonList("a"));
+ atr.setSubject(null);
+
+ getProvider().createAccessToken(atr);
+ List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
+ assertNotNull(tokens);
+ assertEquals(1, tokens.size());
+
+ getProvider().removeClient(c.getClientId());
+
+ tokens = getProvider().getAccessTokens(c, null);
+ assertNotNull(tokens);
+ assertEquals(0, tokens.size());
+ }
+
+ @Test
public void testAddGetDeleteRefreshToken() {
Client c = addClient("101", "bob");