GitHub user emswbandara opened a pull request:
https://github.com/apache/cxf/pull/295
Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization
header values with lenght less than 4
This PR fixes the following issue.
In the getAuthorizationPolicyFromMessage() method in
AbstractHTTPDestination class, the following line of code returns null when we
provide an encoded string with character length less than 4(invalid base64
data) as the value for basic authorization headers.(curl -k -d
"grant_type=password&username=Username&password=Password" -H "Authorization :
Basic som" http://localhost:8280/token)
byte[] authBytes = Base64Utility.decode(authEncoded) (line 175)
Since this is obtained as null the following line of code throws the NPE.
String authDecoded = decodeBasicAuthWithIso8859 ? new String(authBytes,
StandardCharsets.ISO_8859_1) : new String(authBytes)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/emswbandara/cxf master
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cxf/pull/295.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #295
----
commit fc3995d9d4cf44eabea447adbd06e1419a5d6d00
Author: emsw.bandara <[email protected]>
Date: 2017-07-20T07:12:25Z
Prevent NPE thrown in getAuthorizationPolicyFromMessage for authorization
header values with lenght less than 4
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
