Permalink
Browse files

SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer.

  • Loading branch information...
1 parent 4a000d0 commit a573e7b395abeb1a7bafc391b0a251f789b30f08 @tekul tekul committed Sep 20, 2011
@@ -195,7 +195,7 @@ public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) thro
List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch)
throws OpenIDConsumerException {
- if (!authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+ if (attributesToFetch == null || !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
return Collections.emptyList();
}

0 comments on commit a573e7b

Please sign in to comment.