summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas <>2024-05-07 18:54:37 +0200
committerThomas <>2024-05-07 18:56:26 +0200
commitfeaf7cd87486c451ac48f6c7443f57b64be3b00b (patch)
tree89b64c4ed315626be69f0b6afeed1002f6e1638e
parenta8f1962bd2460cdc6cac8214e84ef037454b6e7d (diff)
downloadEAAF-Components-feaf7cd87486c451ac48f6c7443f57b64be3b00b.tar.gz
EAAF-Components-feaf7cd87486c451ac48f6c7443f57b64be3b00b.tar.bz2
EAAF-Components-feaf7cd87486c451ac48f6c7443f57b64be3b00b.zip
fix(core): possible nullPointerException in case of HTTP cookies enabled but no cookie available
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java6
1 files changed, 4 insertions, 2 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
index 98da0c46..4b69d17b 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
@@ -46,12 +46,14 @@ public class CookieBasedRequestValidator implements IHttpRequestValidator {
if (StringUtils.isNotEmpty(storedAuthProcessIdentifier)) {
Cookie authProcessIdentifier = WebUtils.getCookie(httpReq, HTTP_COOKIE_SEC);
- if (storedAuthProcessIdentifier.equals(authProcessIdentifier.getValue())) {
+ if (authProcessIdentifier != null
+ && storedAuthProcessIdentifier.equals(authProcessIdentifier.getValue())) {
log.trace("Stored authentication-process HTTP cookie matches. Resume process ... ");
} else {
log.info("Stored authentication-process-Id:{} does not match to Id from HTTP cookie:{}",
- storedAuthProcessIdentifier, authProcessIdentifier);
+ storedAuthProcessIdentifier,
+ authProcessIdentifier != null ? authProcessIdentifier.toString() : " ---no cookie---");
throw new EaafSecurityException("process.80");
}