From feaf7cd87486c451ac48f6c7443f57b64be3b00b Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 7 May 2024 18:54:37 +0200
Subject: fix(core): possible nullPointerException in case of HTTP cookies
 enabled but no cookie available

---
 .../eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'eaaf_core/src')

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
index 98da0c46..4b69d17b 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
@@ -46,12 +46,14 @@ public class CookieBasedRequestValidator implements IHttpRequestValidator {
     
     if (StringUtils.isNotEmpty(storedAuthProcessIdentifier)) {
       Cookie authProcessIdentifier = WebUtils.getCookie(httpReq, HTTP_COOKIE_SEC);
-      if (storedAuthProcessIdentifier.equals(authProcessIdentifier.getValue())) {
+      if (authProcessIdentifier != null
+          && storedAuthProcessIdentifier.equals(authProcessIdentifier.getValue())) {
         log.trace("Stored authentication-process HTTP cookie matches. Resume process ... ");
         
       } else {
         log.info("Stored authentication-process-Id:{} does not match to Id from HTTP cookie:{}",
-            storedAuthProcessIdentifier, authProcessIdentifier);
+            storedAuthProcessIdentifier,
+            authProcessIdentifier != null ? authProcessIdentifier.toString() : " ---no cookie---");
         throw new EaafSecurityException("process.80");
         
       }
-- 
cgit v1.2.3