[keycloak-user] Defect in the OIDCAttributeMapperHelper class
Bill Burke
bburke at redhat.com
Fri Nov 20 14:37:58 EST 2015
If the value is null, then no attribute should be set. What does "blows
up" mean? NPE? Stack trace?
On 11/20/2015 2:30 PM, Jeff Macomber wrote:
> HI,
>
> I believe i have come across a defect in the OIDCAttributeMapperHelper
> class. The issue occurs when you have a String Attribute which is set
> with no value using a custom federation provider. The code blows up on
> the line:
> return attributeValue.toString(); (Line 64)
>
> in the section of code:
> String type = mappingModel.getConfig().get(JSON_TYPE);
> if (type == null) return attributeValue;
> if (type.equals("boolean")) {
> if (attributeValue instanceof Boolean) return attributeValue;
> if (attributeValue instanceof String) return
> Boolean.valueOf((String)attributeValue);
> throw new RuntimeException("cannot map type for token claim");
> } else if (type.equals("String")) {
> if (attributeValue instanceof String) return attributeValue;
> return attributeValue.toString();
> } else if (type.equals("long")) {
> if (attributeValue instanceof Long) return attributeValue;
> if (attributeValue instanceof String) return
> Long.valueOf((String)attributeValue);
> throw new RuntimeException("cannot map type for token claim");
> } else if (type.equals("int")) {
> if (attributeValue instanceof Integer) return attributeValue;
> if (attributeValue instanceof String) return
> Integer.valueOf((String)attributeValue);
> throw new RuntimeException("cannot map type for token claim");
> }
> return attributeValue;
>
> The attribute exists with no value which causes the attrbuteValue to be
> null and there is no check for null at that point. I would expect it
> would return empty string if the type is string and the value is null.
>
> Thanks,
> jeff
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list