From cd7a159889189fccf430b96f028d32aa8a7c02d7 Mon Sep 17 00:00:00 2001
From: Pubudu Gunatilaka
Date: Sun, 31 Mar 2024 11:36:16 +0530
Subject: [PATCH] Fix null pointer exception when getting jwt validator based on the issuer
---
 .../security/jwt/Oauth2Authenticator.java | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/Oauth2Authenticator.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/Oauth2Authenticator.java
index 0c20eb00b8..586ca88144 100644
--- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/Oauth2Authenticator.java
+++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/Oauth2Authenticator.java
@@ -48,6 +48,7 @@
 import org.wso2.apk.enforcer.security.jwt.validator.JWTValidator;
 import org.wso2.apk.enforcer.security.jwt.validator.RevokedJWTDataHolder;
 import org.wso2.apk.enforcer.subscription.SubscriptionDataHolder;
+import org.wso2.apk.enforcer.subscription.SubscriptionDataStore;
 import org.wso2.apk.enforcer.server.RevokedTokenRedisClient;
 import org.wso2.apk.enforcer.tracing.TracingConstants;
 import org.wso2.apk.enforcer.tracing.TracingSpan;
@@ -472,8 +473,21 @@ private JWTValidationInfo getJwtValidationInfo(String jwtToken, String organizat
 try {
 // Get issuer
 String issuer = jwtClaimsSet.getIssuer();
- JWTValidator jwtValidator = SubscriptionDataHolder.getInstance().getSubscriptionDataStore(organization)
- .getJWTValidatorByIssuer(issuer, environment);
+ SubscriptionDataStore subscriptionDataStore = SubscriptionDataHolder.getInstance()
+ .getSubscriptionDataStore(organization);
+ if (subscriptionDataStore == null) {
+ throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
+ APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
+ APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
+ }
+ JWTValidator jwtValidator = subscriptionDataStore.getJWTValidatorByIssuer(issuer, environment);
+ // If no validator found for the issuer, we are not caching the token.
+ if (jwtValidator == null) {
+ throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
+ APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
+ APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
+ }
+
 // If no validator found for the issuer, we are not caching the token.
 if (jwtValidator == null) {
 throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
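Review bot: The added `if (jwtValidator == null) { throw … }` block and its comment duplicate the identical check that follows as context at the end of the hunk, so the original check can no longer fire; delete one of the two copies and keep the new `subscriptionDataStore == null` guard. Rejecting with UNAUTHENTICATED when no store exists for the organization fails closed, which is the right default because `issuer` is taken from the token's own claims and is presumably still unverified when it is used to pick the validator. Both failures return the same `API_AUTH_INVALID_CREDENTIALS` error, so a comment above the new guard such as `// No subscription data store for this organization: reject as invalid credentials.` would document the intent. A debug-level log naming the organization (if the class has a logger) would let operators tell a missing store from an unknown issuer without exposing the difference to the caller. The body of getJwtValidationInfo starts and ends outside this hunk.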