SEC-1820: Added null check for attributesToFetch in OpenID4JavaConsumer.

14 years ago · a573e7b395
1 changed files with 1 additions and 1 deletions
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@ -195,7 +195,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
				@@ -195,7 +195,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
    List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch)
            throws OpenIDConsumerException {

-        if (!authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+        if (attributesToFetch == null || !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
            return Collections.emptyList();
        }