SEC-1792: Fixed NullPointerException in RunAsUserToken#toString()

core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java

@@ -73,7 +73,8 @@ public class RunAsUserToken extends AbstractAuthenticationToken {
 
     public String toString() {
         StringBuilder sb = new StringBuilder(super.toString());
-        sb.append("; Original Class: ").append(this.originalAuthentication.getName());
+        String className = this.originalAuthentication == null ? null : this.originalAuthentication.getName();
+        sb.append("; Original Class: ").append(className);
 
         return sb.toString();
     }

core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java

@@ -84,6 +84,14 @@ public class RunAsUserTokenTests extends TestCase {
         RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")},
                 UsernamePasswordAuthenticationToken.class);
-        assertTrue(token.toString().lastIndexOf("Original Class:") != -1);
+        assertTrue(token.toString().lastIndexOf("Original Class: "+UsernamePasswordAuthenticationToken.class.getName().toString()) != -1);
+    }
+
+    // SEC-1792
+    public void testToStringNullOriginalAuthentication() {
+        RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password",
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")},
+                null);
+        assertTrue(token.toString().lastIndexOf("Original Class: null") != -1);
     }
 }