Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 05:22:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1390: Added null check on claimedIdentifier returned by DiscoveryInformation to prevent NPE.

Browse Source
This commit is contained in:
Luke Taylor 2010-01-28 16:34:45 +00:00
parent b1243416fc
commit 8720966d20
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
View File

@ -158,7 +158,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
} }
} catch (MessageException e) { } catch (MessageException e) {
attributes.clear(); attributes.clear();
throw new OpenIDConsumerException("Attribute retrievel failed", e); throw new OpenIDConsumerException("Attribute retrieval failed", e);
} }
if (debug) { if (debug) {
logger.debug("Retrieved attributes" + attributes); logger.debug("Retrieved attributes" + attributes);
@ -169,8 +169,9 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
Identifier verified = verification.getVerifiedId(); Identifier verified = verification.getVerifiedId();
if (verified == null) { if (verified == null) {
Identifier id = discovered.getClaimedIdentifier();
return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
discovered.getClaimedIdentifier().getIdentifier(), id == null ? "Unknown" : id.getIdentifier(),
"Verification status message: [" + verification.getStatusMsg() + "]", attributes); "Verification status message: [" + verification.getStatusMsg() + "]", attributes);
} }