- changed status to open
IssValidator throws NullPointerException
Hi,
The expectedValue() method of the IssValidator class seems to throw a NullPointerException, due to the uninitialized expectedIssuers field.
More details:
When I build my JWT Consumer and I want to set the issuer as required, I'm doing:
    JwtConsumerBuilder.setExpectedIssuer(true, null);
I just need to set the issuer as required, and don't need any expected issuers list.
This JWT Consumer uses the IssValidator:

    public IssValidator(boolean requireIssuer, String... expectedIssuers)
    {
        this.requireIssuer = requireIssuer;
        if (expectedIssuers != null && expectedIssuers.length > 0)
        {
            this.expectedIssuers = new HashSet<>();
            Collections.addAll(this.expectedIssuers, expectedIssuers);
        }
    }
If the expectedIssuers constructor parameter is null (which is supported by the documentation), the corresponding private field is not initialized at all.
Then, when validate() is called, the following code is executed:

    if (issuer == null)
    {
        return requireIssuer ? new Error(ErrorCodes.ISSUER_MISSING, "No Issuer (iss) claim present but was expecting " + expectedValue()) : null;
    }
In case the issuer is missing, the error message is built by calling expectedValue(), and here is the problem:

    private String expectedValue()
    {
        return expectedIssuers.size() == 1 ? expectedIssuers.iterator().next() : "one of " + expectedIssuers;
    }
There is no check against a null value, so a NullPointerException is thrown and the expected error message ErrorCodes.ISSUER_MISSING is replaced by this NullPointerException.
Thank you in advance.
Laura
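An added example, not part of the original report and not jose4j's code or its actual fix: a stand-alone model of the validator logic quoted above, with a null check in the message helper so that a missing iss claim still yields the ISSUER_MISSING error when no expected-issuer list is configured. The class name IssCheckDemo, the helper expectedSuffix(), the string-based error results and the sample issuer values are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Hypothetical stand-alone model of the validator from the report (not jose4j source).
// validate() returns an error string, or null when the claim is acceptable.
public class IssCheckDemo
{
    private final boolean requireIssuer;
    private Set<String> expectedIssuers; // stays null when no issuer list is supplied

    IssCheckDemo(boolean requireIssuer, String... expectedIssuers)
    {
        this.requireIssuer = requireIssuer;
        if (expectedIssuers != null && expectedIssuers.length > 0)
        {
            this.expectedIssuers = new HashSet<>();
            Collections.addAll(this.expectedIssuers, expectedIssuers);
        }
    }

    String validate(String issuer)
    {
        if (issuer == null)
        {
            return requireIssuer ? "ISSUER_MISSING: No Issuer (iss) claim present" + expectedSuffix() : null;
        }
        if (expectedIssuers != null && !expectedIssuers.contains(issuer))
        {
            return "Issuer (iss) claim value (" + issuer + ") not accepted" + expectedSuffix();
        }
        return null;
    }

    // Null-safe: the set is only dereferenced when an issuer list was configured.
    private String expectedSuffix()
    {
        if (expectedIssuers == null) { return "."; }
        return " but was expecting " + (expectedIssuers.size() == 1 ? expectedIssuers.iterator().next() : "one of " + expectedIssuers);
    }

    public static void main(String[] args)
    {
        IssCheckDemo requiredOnly = new IssCheckDemo(true, (String[]) null); // issuer required, no list
        System.out.println(requiredOnly.validate(null));          // validation error, no NullPointerException
        System.out.println(requiredOnly.validate("any-issuer"));  // null: any issuer value is accepted
        System.out.println(new IssCheckDemo(true, "https://issuer.example").validate(null)); // constructed issuer
    }
}
```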
Comments (4)
-
repo owner -
repo owner - changed status to resolved
-
reporter Thank you for your quick fix! :)
-
repo owner - changed status to closed
released in jose4j-0.7.0 https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes#!jose4j-070-january-17-2019
Well shoot... thanks for catching that one and for the easily digestible description.