diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/jwt/JWTValidationServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/jwt/JWTValidationServiceImpl.java index 52eecbb825c8..6d094179d104 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/jwt/JWTValidationServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/jwt/JWTValidationServiceImpl.java @@ -71,13 +71,15 @@ public String getKeyManagerNameIfJwtValidatorExist(SignedJWTInfo signedJWTInfo) String issuer = signedJWTInfo.getJwtClaimsSet().getIssuer(); List<KeyManagerDto> keyManagerDtoList = KeyManagerHolder.getKeyManagerByIssuer(tenantDomain, issuer); KeyManagerDto keyManagerDto = null; - if (keyManagerDtoList.size() == 1) { // only one keymanager. no need to check if it can handle token - keyManagerDto = keyManagerDtoList.get(0); - } else { - for (KeyManagerDto kmrDto : keyManagerDtoList) { - if (kmrDto.getKeyManager().canHandleToken(signedJWTInfo.getToken())) { - keyManagerDto = kmrDto; - break; + if (keyManagerDtoList != null) { + if (keyManagerDtoList.size() == 1) { // only one keymanager. no need to check if it can handle token + keyManagerDto = keyManagerDtoList.get(0); + } else { + for (KeyManagerDto kmrDto : keyManagerDtoList) { + if (kmrDto.getKeyManager().canHandleToken(signedJWTInfo.getToken())) { + keyManagerDto = kmrDto; + break; + } } } }