Merge branch '5.7.x' into 5.8.x

Closes gh-14664
2 years ago · 2c9dc08e43
2 changed files with 4 additions and 1 deletions
--- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
@ -61,7 +61,7 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
				@@ -61,7 +61,7 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 	private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

 	private boolean isFullyAuthenticated(Authentication authentication) {
-		return (!this.authenticationTrustResolver.isAnonymous(authentication)
+		return authentication != null && (!this.authenticationTrustResolver.isAnonymous(authentication)
 				&& !this.authenticationTrustResolver.isRememberMe(authentication));
 	}

--- a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
+++ b/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
@ -59,6 +59,7 @@ public class AuthenticatedVoterTests {
				@@ -59,6 +59,7 @@ public class AuthenticatedVoterTests {
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createAnonymous(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createRememberMe(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
 	}

 	@Test
@ -68,6 +69,7 @@ public class AuthenticatedVoterTests {
				@@ -68,6 +69,7 @@ public class AuthenticatedVoterTests {
 		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createAnonymous(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createRememberMe(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
 	}

 	@Test
@ -77,6 +79,7 @@ public class AuthenticatedVoterTests {
				@@ -77,6 +79,7 @@ public class AuthenticatedVoterTests {
 		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createAnonymous(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createRememberMe(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
 	}

 	@Test