diff options
author | Thomas <> | 2024-05-07 18:54:37 +0200 |
---|---|---|
committer | Thomas <> | 2024-05-07 18:56:26 +0200 |
commit | feaf7cd87486c451ac48f6c7443f57b64be3b00b (patch) | |
tree | 89b64c4ed315626be69f0b6afeed1002f6e1638e | |
parent | a8f1962bd2460cdc6cac8214e84ef037454b6e7d (diff) | |
download | EAAF-Components-feaf7cd87486c451ac48f6c7443f57b64be3b00b.tar.gz EAAF-Components-feaf7cd87486c451ac48f6c7443f57b64be3b00b.tar.bz2 EAAF-Components-feaf7cd87486c451ac48f6c7443f57b64be3b00b.zip |
fix(core): possible nullPointerException in case of HTTP cookies enabled but no cookie available
-rw-r--r-- | eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java index 98da0c46..4b69d17b 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java @@ -46,12 +46,14 @@ public class CookieBasedRequestValidator implements IHttpRequestValidator { if (StringUtils.isNotEmpty(storedAuthProcessIdentifier)) { Cookie authProcessIdentifier = WebUtils.getCookie(httpReq, HTTP_COOKIE_SEC); - if (storedAuthProcessIdentifier.equals(authProcessIdentifier.getValue())) { + if (authProcessIdentifier != null + && storedAuthProcessIdentifier.equals(authProcessIdentifier.getValue())) { log.trace("Stored authentication-process HTTP cookie matches. Resume process ... "); } else { log.info("Stored authentication-process-Id:{} does not match to Id from HTTP cookie:{}", - storedAuthProcessIdentifier, authProcessIdentifier); + storedAuthProcessIdentifier, + authProcessIdentifier != null ? authProcessIdentifier.toString() : " ---no cookie---"); throw new EaafSecurityException("process.80"); } |