diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java
index 7630225..10d6205 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java
@@ -270,7 +270,9 @@ public class InfinispanUserSessionProvider implements UserSessionProvider {
@Override
public void removeUserSession(RealmModel realm, UserSessionModel session) {
UserSessionEntity entity = getUserSessionEntity(session, false);
- removeUserSession(realm, entity, false);
+ if (entity != null) {
+ removeUserSession(realm, entity, false);
+ }
}
@Override
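Review bot: The new `if (entity != null)` guard makes a removal request for a session that cannot be found return silently, so a caller (for example a logout path) cannot tell "removed" from "was never there". If that is intended, say so at the guard, e.g. `// No entity for this session id (presumably already expired or removed); nothing to do`, or emit a debug-level log if the class has a logger. The same applies to the identical guard added in `removeOfflineUserSession` in the hunk at -578. Only these two callers are guarded; other callers of the three-argument `removeUserSession`, if any exist outside the visible hunks, would still pass a null entity.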
@@ -553,7 +555,7 @@ public class InfinispanUserSessionProvider implements UserSessionProvider {
return ((UserSessionAdapter) userSession).getEntity();
} else {
Cache<String, SessionEntity> cache = getCache(offline);
- return (UserSessionEntity) cache.get(userSession.getId());
+ return cache != null ? (UserSessionEntity) cache.get(userSession.getId()) : null;
}
}
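Review bot: With `cache != null ? ... : null`, this method now returns null both when the cache is unavailable and when it holds no entry for the id, and the two cases become indistinguishable to callers. Combined with the null guards added in the remove methods, an unavailable cache would turn session removal into a silent no-op, which matters for revocation. I would document the contract in the method's Javadoc, e.g. `@return the entity, or null if the cache is unavailable or has no entry for the session id`, and confirm under which conditions `getCache(offline)` can actually return null. The method starts outside this hunk, so the first branch and the signature are not fully visible here.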
@@ -578,7 +580,9 @@ public class InfinispanUserSessionProvider implements UserSessionProvider {
@Override
public void removeOfflineUserSession(RealmModel realm, UserSessionModel userSession) {
UserSessionEntity userSessionEntity = getUserSessionEntity(userSession, true);
- removeUserSession(realm, userSessionEntity, true);
+ if (userSessionEntity != null) {
+ removeUserSession(realm, userSessionEntity, true);
+ }
}
@Override
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index e49665c..1ff3da9 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -222,6 +222,22 @@ public class TokenEndpoint {
accessCode.setAction(null);
UserSessionModel userSession = clientSession.getUserSession();
+
+ if (userSession == null) {
+ event.error(Errors.USER_SESSION_NOT_FOUND);
+ throw new ErrorResponseException("invalid_grant", "User session not found", Response.Status.BAD_REQUEST);
+ }
+
+ UserModel user = userSession.getUser();
+ if (user == null) {
+ event.error(Errors.USER_NOT_FOUND);
+ throw new ErrorResponseException("invalid_grant", "User not found", Response.Status.BAD_REQUEST);
+ }
+ if (!user.isEnabled()) {
+ event.error(Errors.USER_DISABLED);
+ throw new ErrorResponseException("invalid_grant", "User disabled", Response.Status.BAD_REQUEST);
+ }
+
event.user(userSession.getUser());
event.session(userSession.getId());
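Review bot: The added `event.error(Errors.USER_NOT_FOUND)` and `event.error(Errors.USER_DISABLED)` calls run before `event.user(...)` and `event.session(...)` are set a few lines below. The failure events for a missing or disabled user will therefore likely be recorded without the user and session identifiers needed to correlate them. Consider calling `event.session(userSession.getId());` right after the session null check and `event.user(user);` right after the user null check, which also avoids the second `userSession.getUser()` call. Separately, the code removed in the next hunk re-resolved the user through `session.users().getUserById(...)`; whether `userSession.getUser()` returns an equally current enabled flag is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.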
@@ -241,17 +257,6 @@ public class TokenEndpoint {
throw new ErrorResponseException("invalid_grant", "Client not allowed to exchange code", Response.Status.BAD_REQUEST);
}
- UserModel user = session.users().getUserById(userSession.getUser().getId(), realm);
- if (user == null) {
- event.error(Errors.USER_NOT_FOUND);
- throw new ErrorResponseException("invalid_grant", "User not found", Response.Status.BAD_REQUEST);
- }
-
- if (!user.isEnabled()) {
- event.error(Errors.USER_DISABLED);
- throw new ErrorResponseException("invalid_grant", "User disabled", Response.Status.BAD_REQUEST);
- }
-
if (!AuthenticationManager.isSessionValid(realm, userSession)) {
event.error(Errors.USER_SESSION_NOT_FOUND);
throw new ErrorResponseException("invalid_grant", "Session not active", Response.Status.BAD_REQUEST);