libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-965 NPE in TokenManager.verifyAccess if application is deleted

Browse source
This commit is contained in:
Stian Thorgersen 2015-01-16 11:25:05 +01:00
parent bf6c46da1c
commit 8828d6e2f1
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
View file

@ -185,7 +185,7 @@ public class TokenManager {
for (Map.Entry<String, AccessToken.Access> entry : token.getResourceAccess().entrySet()) {
ApplicationModel app = realm.getApplicationByName(entry.getKey());
if (app == null) {
throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Application no longer exists", "Application no longer exists: " + app.getName());
throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Application no longer exists", "Application no longer exists: " + entry.getKey());
}
for (String roleName : entry.getValue().getRoles()) {
RoleModel role = app.getRole(roleName);
@ -199,7 +199,6 @@ public class TokenManager {
throw new OAuthErrorException(OAuthErrorException.INVALID_SCOPE, "Client no longer has application scope" + roleName);
}
}
}
}
}