Merge pull request #428 from nuwand/release-4.2.6

Fixing APIMANAGER-3868
wso2-attic · Jun 12, 2015 · ff297c6 · ff297c6
2 parents 2cb1046 + decfe70
commit ff297c6
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/...oint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java b/...oint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java
@@ -92,6 +92,11 @@ public Response issueAccessToken(@Context HttpServletRequest request,
                         return handleBasicAuthFailure();
                     }
 
+                    //If a client sends an invalid base64 encoded clientid:clientsecret value, it results in this
+                    //array to only contain 1 element. This happens on specific errors though.
+                    if(clientCredentials == null || clientCredentials.length < 2){
+                        return handleBasicAuthFailure();
+                    }
                     // add the credentials available in Authorization header to the parameter map
                     paramMap.add(OAuth.OAUTH_CLIENT_ID, clientCredentials[0]);
                     paramMap.add(OAuth.OAUTH_CLIENT_SECRET, clientCredentials[1]);