NPE in DefaultJWTClaimsVerifier constructor when using acceptedAudience
Issue #402
open
The following call to acceptedAudienceValues.contains(null)
throws NPE when using set implementations of java.util.Set.copyOf(), java.util.TreeSet
but works with java.util.HashSet
.
This is perfectly fine according to the Java API: https://docs.oracle.com/javase/8/docs/api/java/util/Collection.html#contains-java.lang.Object-
Use acceptedAudienceValues.isEmpty()
instead to avoid the unpredictable behavior.
JDK 11.0.9.hs-adpt
Comments (2)
-
-
- changed status to open
- Log in to comment
This also applies to https://bitbucket.org/connect2id/nimbus-jose-jwt/src/cab54efd594c7c3a50e165bdc18171de5983b347/src/main/java/com/nimbusds/jwt/proc/DefaultJWTClaimsVerifier.java#lines-258