Skip to content

Commit

Permalink
Fix null pointer exception when getting jwt validator based on the is…
Browse files Browse the repository at this point in the history
…suer
  • Loading branch information
pubudu538 committed Mar 31, 2024
1 parent ed9e2c1 commit cd7a159
Showing 1 changed file with 16 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
import org.wso2.apk.enforcer.security.jwt.validator.JWTValidator;
import org.wso2.apk.enforcer.security.jwt.validator.RevokedJWTDataHolder;
import org.wso2.apk.enforcer.subscription.SubscriptionDataHolder;
import org.wso2.apk.enforcer.subscription.SubscriptionDataStore;
import org.wso2.apk.enforcer.server.RevokedTokenRedisClient;
import org.wso2.apk.enforcer.tracing.TracingConstants;
import org.wso2.apk.enforcer.tracing.TracingSpan;
Expand Down Expand Up @@ -472,8 +473,21 @@ private JWTValidationInfo getJwtValidationInfo(String jwtToken, String organizat
try {
// Get issuer
String issuer = jwtClaimsSet.getIssuer();
JWTValidator jwtValidator = SubscriptionDataHolder.getInstance().getSubscriptionDataStore(organization)
.getJWTValidatorByIssuer(issuer, environment);
SubscriptionDataStore subscriptionDataStore = SubscriptionDataHolder.getInstance()
.getSubscriptionDataStore(organization);
if (subscriptionDataStore == null) {
throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
JWTValidator jwtValidator = subscriptionDataStore.getJWTValidatorByIssuer(issuer, environment);
// If no validator found for the issuer, we are not caching the token.
if (jwtValidator == null) {
throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}

// If no validator found for the issuer, we are not caching the token.
if (jwtValidator == null) {
throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
Expand Down

0 comments on commit cd7a159

Please sign in to comment.