Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed NPE in HttpsRedirectWebFilter 

A more descriptive IllegalStateException is now thrown instead
in the case that no such port mapping exists.

Fixes: gh-6639
This commit is contained in:
Scheidter,Ryan 2019-03-26 07:33:59 -05:00 committed by Josh Cummings
parent 8dd2864dea
commit 281ccff907
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
View File

@ -17,6 +17,7 @@
package org.springframework.security.web.server.transport;
import java.net.URI;
import java.util.Optional;
import reactor.core.publisher.Mono;
@ -101,8 +102,9 @@ public final class HttpsRedirectWebFilter implements WebFilter {
UriComponentsBuilder.fromUri(exchange.getRequest().getURI());
if (port > 0) {
port = this.portMapper.lookupHttpsPort(port);
builder.port(port);
builder.port(Optional.ofNullable(this.portMapper.lookupHttpsPort(port))
.orElseThrow(() -> new IllegalStateException(
"HTTP Port '" + port + "' does not have a corresponding HTTPS Port")));
}
return builder.scheme("https").build().toUri();

6
web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
View File

@ -112,6 +112,12 @@ public class HttpsRedirectWebFilterTests {
verify(portMapper).lookupHttpsPort(314);
}
@Test
public void filterWhenRequestIsInsecureAndNoPortMappingThenThrowsIllegalState() {
ServerWebExchange exchange = get("http://localhost:1234");
assertThatCode(() -> this.filter.filter(exchange, this.chain).block())
.isInstanceOf(IllegalStateException.class);
}
@Test
public void filterWhenInsecureRequestHasAPathThenRedirects() {