From 1cca72e6d8d33fae5352b731caf429072e3b73cc Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Thu, 20 Nov 2014 14:40:51 -0600
Subject: [PATCH] SEC-2749: CsrfConfigurer.requireCsrfProtectionMatcher correct null check
---
 .../config/annotation/web/configurers/CsrfConfigurer.java | 2 +-
 .../annotation/web/configurers/CsrfConfigurerTests.groovy | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 2ed4d28dc7..47f906fd2a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -97,7 +97,7 @@ public final class CsrfConfigurer> extends Abst
 * @return the {@link CsrfConfigurer} for further customizations
 */
 public CsrfConfigurer requireCsrfProtectionMatcher(RequestMatcher requireCsrfProtectionMatcher) {
- Assert.notNull(csrfTokenRepository, "requireCsrfProtectionMatcher cannot be null");
+ Assert.notNull(requireCsrfProtectionMatcher, "requireCsrfProtectionMatcher cannot be null");
 this.requireCsrfProtectionMatcher = requireCsrfProtectionMatcher;
 return this;
 }
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy
index ca64d469dd..8f95a220aa 100644
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy
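Review bot: The Javadoc on `requireCsrfProtectionMatcher` does not state that a null argument is rejected; it starts outside this hunk and only its `@return` line is visible here. The old assertion tested `csrfTokenRepository`, which is not this method's parameter, so a null matcher was presumably accepted without complaint. With the corrected check such callers now get an `IllegalArgumentException` at configuration time. I would add `@throws IllegalArgumentException if requireCsrfProtectionMatcher is null` to the Javadoc so the contract is explicit for anyone customising which requests require CSRF protection.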
@@ -464,6 +464,13 @@ class CsrfConfigurerTests extends BaseSpringSpec {
 }
 }
 
+ def 'SEC-2749: requireCsrfProtectionMatcher null'() {
+ when:
+ new CsrfConfigurer<>().requireCsrfProtectionMatcher(null)
+ then:
+ thrown(IllegalArgumentException)
+ }
+
 def clearCsrfToken() {
 request.removeAllParameters()
 }
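Review bot: The new spec checks only the exception type, and `new CsrfConfigurer<>()` sits in the same `when:` block as the call under test. An `IllegalArgumentException` raised by the constructor would therefore satisfy it as well. Binding the exception and checking its message ties the test to the argument check itself: `def e = thrown(IllegalArgumentException)` followed by `e.message == 'requireCsrfProtectionMatcher cannot be null'`. The message text is the one passed to `Assert.notNull` in the CsrfConfigurer.java hunk of this commit.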