Fix Checks for NullPointerException in AuthoritiesAuthorizationManager

- Fix checkstyle
- Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue

Closes gh-18544

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
Robert Winch 2026-02-23 10:47:11 -06:00
parent d87dc9ae57
commit 1116241ee3

@ -14,12 +14,12 @@
* limitations under the License.
*/
package org.springframework.security.authorization;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import java.util.function.Supplier;
import org.junit.jupiter.api.Test;
@ -32,6 +32,7 @@ import org.springframework.security.core.Authentication;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.assertj.core.api.Assertions.assertThatNullPointerException;
/**
* Tests for {@link AuthoritiesAuthorizationManager}.
@ -45,7 +46,7 @@ class AuthoritiesAuthorizationManagerTests {
void setRoleHierarchyWhenNullThenIllegalArgumentException() {
AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager();
assertThatIllegalArgumentException().isThrownBy(() -> manager.setRoleHierarchy(null))
.withMessage("roleHierarchy cannot be null");
.withMessage("roleHierarchy cannot be null");
}
@Test
@ -88,14 +89,19 @@ class AuthoritiesAuthorizationManagerTests {
}
@Test
// gh-18543
void authorizeWhenAuthorityIsNullThenDoesNotThrowNullPointerException() {
AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager();
Authentication authentication = new TestingAuthenticationToken("user", "password",
Collections.singletonList(() -> null));
Collection<String> authorities = Collections.singleton("ROLE_USER");
Collection<String> authoritiesContainsThrowsNPE = Set.of("ROLE_USER");
assertThat(manager.authorize(() -> authentication, authorities).isGranted()).isFalse();
// must be Collection that throws NPE when .contains(null) is invoked
// to replicate the issue in gh-18543
assertThatNullPointerException().isThrownBy(() -> authoritiesContainsThrowsNPE.contains(null));
assertThat(manager.authorize(() -> authentication, authoritiesContainsThrowsNPE).isGranted()).isFalse();
}
}
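Review bot: In `authorizeWhenAuthorityIsNullThenDoesNotThrowNullPointerException` (last hunk) every assertion checks only that access is denied when the token's sole authority is null, so the test would still pass if the manager stopped evaluating at the first null `getAuthority()` instead of skipping it. Since this is an authorization decision, I would add a companion case where the token carries a null-authority entry followed by a real `ROLE_USER` authority, and assert `assertThat(manager.authorize(() -> authentication, authoritiesContainsThrowsNPE).isGranted()).isTrue();`. That pins down that a null entry neither throws nor masks a legitimate grant. The precondition check `assertThatNullPointerException().isThrownBy(() -> authoritiesContainsThrowsNPE.contains(null))` is a good guard and should stay, because it makes the test fail loudly if the chosen collection ever stops reproducing the reported condition. The production change is not visible in this section, so whether the mixed case is already covered elsewhere needs confirming.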