Fixed NPE in HttpsRedirectWebFilter

A more descriptive IllegalStateException is now thrown instead
in the case that no such port mapping exists.

Fixes: gh-6639

web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java

@@ -17,6 +17,7 @@
 package org.springframework.security.web.server.transport;
 
 import java.net.URI;
+import java.util.Optional;
 
 import reactor.core.publisher.Mono;
 
@@ -101,8 +102,9 @@ public final class HttpsRedirectWebFilter implements WebFilter {
 				UriComponentsBuilder.fromUri(exchange.getRequest().getURI());
 
 		if (port > 0) {
-			port = this.portMapper.lookupHttpsPort(port);
+			builder.port(Optional.ofNullable(this.portMapper.lookupHttpsPort(port))
-			builder.port(port);
+									.orElseThrow(() -> new IllegalStateException(
+										"HTTP Port '" + port + "' does not have a corresponding HTTPS Port")));
 		}
 
 		return builder.scheme("https").build().toUri();

web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java

@@ -112,6 +112,12 @@ public class HttpsRedirectWebFilterTests {
 		verify(portMapper).lookupHttpsPort(314);
 	}
 
+	@Test
+	public void filterWhenRequestIsInsecureAndNoPortMappingThenThrowsIllegalState() {
+		ServerWebExchange exchange = get("http://localhost:1234");
+		assertThatCode(() -> this.filter.filter(exchange, this.chain).block())
+				.isInstanceOf(IllegalStateException.class);
+	}
 
 	@Test
 	public void filterWhenInsecureRequestHasAPathThenRedirects() {