
Add null check for authentication token in JwtAuthenticationProvider

Add Assert.notNull validation to ensure the authentication token returned by jwtAuthenticationConverter is not null, preventing potential NullPointerException in subsequent operations.

Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
chanbinme 6 months ago committed by Rob Winch
parent
commit
9cf5638914
  1. 1
      oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
  2. 16
      oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java

1
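--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
@@ -87,6 +87,7 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
 BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
 Jwt jwt = getJwt(bearer);
 AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
+Assert.notNull(token, "token cannot be null");
 if (token.getDetails() == null) {
 token.setDetails(bearer.getDetails());
 }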
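Review bot: The message on the added `Assert.notNull` does not say which token is null or why, and in this method "token" could equally be read as the bearer token from the request, so an operator seeing "token cannot be null" in a stack trace has no hint that a custom `jwtAuthenticationConverter` is the culprit. Since a null here can only come from the converter (the decoded `Jwt` was already obtained on the previous line), I would name the source: `Assert.notNull(token, "jwtAuthenticationConverter cannot return null");` and update the message asserted in the accompanying test to match. It is also worth noting in the Javadoc for the converter setter (outside this hunk) that the converter must not return null, since the assertion surfaces as an `IllegalArgumentException` rather than an `AuthenticationException` and is therefore a configuration error, not an authentication failure. The enclosing `authenticate` method starts and ends outside this hunk.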

16
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java

@ -35,8 +35,7 @@ import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.TestJwts; import org.springframework.security.oauth2.jwt.TestJwts;
import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes; import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.*;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
@ -152,6 +151,19 @@ public class JwtAuthenticationProviderTests {
// @formatter:on // @formatter:on
} }
@Test
public void authenticateWhenConverterReturnsNullThenThrowException() {
BearerTokenAuthenticationToken token = this.authentication();
Jwt jwt = TestJwts.jwt().build();
given(this.jwtDecoder.decode("token")).willReturn(jwt);
given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(null);
// @formatter:off
assertThatIllegalArgumentException()
.isThrownBy(() -> this.provider.authenticate(token))
.withMessageContaining("token cannot be null");
// @formatter:on
}
@Test @Test
public void supportsWhenBearerTokenAuthenticationTokenThenReturnsTrue() { public void supportsWhenBearerTokenAuthenticationTokenThenReturnsTrue() {
assertThat(this.provider.supports(BearerTokenAuthenticationToken.class)).isTrue(); assertThat(this.provider.supports(BearerTokenAuthenticationToken.class)).isTrue();
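Review bot: Replacing the two explicit static imports with `import static org.assertj.core.api.Assertions.*;` is a style regression; only `assertThatIllegalArgumentException` is newly needed, so the import block should keep `assertThat` and `assertThatExceptionOfType` and add `import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;` explicitly, which is also what the project's checkstyle is likely to expect. In the new test, a one-line comment above the null stub would help a future reader, e.g. `// a misconfigured converter must fail fast rather than NPE later in authenticate()`. The `authentication()` helper and the `provider`/`jwtDecoder` fields are defined outside this hunk, and the enclosing test class continues beyond it.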
