From aa96b1f1ed869b66307c2172c77dcae055c56319 Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mit.edu>
Date: Fri, 3 Jul 2015 17:24:03 -0400
Subject: [PATCH] made things a little null safer

closes #813 (really)
---
 .../src/main/java/org/mitre/uma/model/ResourceSet.java       | 5 +++--
 .../mitre/uma/service/impl/DefaultResourceSetService.java    | 4 ++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
index de951aebd..9ff0d8aec 100644
--- a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java
@@ -17,6 +17,7 @@
 package org.mitre.uma.model;
 
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.Set;
 
 import javax.persistence.Basic;
@@ -53,13 +54,13 @@ public class ResourceSet {
 	private String name;
 	private String uri;
 	private String type;
-	private Set<String> scopes;
+	private Set<String> scopes = new HashSet<>();
 	private String iconUri;
 	
 	private String owner; // username of the person responsible for the registration (either directly or via OAuth token)
 	private String clientId; // client id of the protected resource that registered this resource set via OAuth token
 	
-	private Collection<Policy> policies;
+	private Collection<Policy> policies = new HashSet<>();
 	
 	/**
 	 * @return the id
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
index 0cbd2a074..e1181aefc 100644
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
+++ b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
@@ -103,6 +103,10 @@ public class DefaultResourceSetService implements ResourceSetService {
 	}
 	
 	private boolean checkScopeConsistency(ResourceSet rs) {
+		if (rs.getPolicies() == null) {
+			// nothing to check, no problem!
+			return true;
+		}
 		for (Policy policy : rs.getPolicies()) {
 			if (!rs.getScopes().containsAll(policy.getScopes())) {
 				return false;