SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer.

2025-07-05 02:02:15 +00:00 · 2011-09-20 21:46:21 +01:00 · 2011-09-20 21:46:21 +01:00 · a573e7b395
commit a573e7b395
parent 4a000d040c
1 changed files with 1 additions and 1 deletions
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@ -195,7 +195,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
    List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch)
            throws OpenIDConsumerException {

-        if (!authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+        if (attributesToFetch == null || !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
            return Collections.emptyList();
        }