Catch possible NullPointerException

Some maps may throw a NullPointerException when get is called with null. This commit catches the exceptions and just leaves the delegate null.

Fixes gh-4936
Michael J. Simons 2017-12-30 13:56:36 +01:00 committed by Rob Winch
parent 718052932a
commit 2b66793535
2 changed files with 25 additions and 1 deletions


@ -116,6 +116,7 @@ import java.util.Map;
* @see org.springframework.security.crypto.factory.PasswordEncoderFactories
*
* @author Rob Winch
* @author Michael Simons
* @since 5.0
*/
public class DelegatingPasswordEncoder implements PasswordEncoder {
@ -190,7 +191,11 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
return true;
}
String id = extractId(prefixEncodedPassword);
PasswordEncoder delegate = this.idToPasswordEncoder.get(id);
PasswordEncoder delegate = null;
try {
delegate = this.idToPasswordEncoder.get(id);
} catch(NullPointerException e) {
}
if(delegate == null) {
return this.defaultPasswordEncoderForMatches
.matches(rawPassword, prefixEncodedPassword);
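Review bot: The new `catch(NullPointerException e) { }` around `this.idToPasswordEncoder.get(id)` is empty and unconditional, so an NPE thrown inside a map implementation for a non-null id is also swallowed, and the call silently falls through to `defaultPasswordEncoderForMatches`. The commit message only describes maps that reject a null key, so the handler could be limited to that case and say why: `} catch (NullPointerException ex) { if (id != null) { throw ex; } /* map rejects null keys: treat as no delegate */ }`. Skipping the lookup when `id == null` is not an alternative, because the test `matchesWhenNullIdThenDelegatesToInvalidId` on this page puts a `null` key into the delegates map and expects it to be looked up. In a password-matching path, an unexplained empty catch also makes it harder to see that the fallback is intentional. The body of the enclosing method starts and ends outside this hunk.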


@ -33,6 +33,7 @@ import static org.mockito.Mockito.when;
/**
* @author Rob Winch
* @author Michael Simons
* @since 5.0
*/
@RunWith(MockitoJUnitRunner.class)
@ -46,6 +47,9 @@ public class DelegatingPasswordEncoderTests {
@Mock
private PasswordEncoder invalidId;
@Mock
private Map<String, PasswordEncoder> throwingDelegates;
private String bcryptId = "bcrypt";
private String rawPassword = "password";
@ -167,6 +171,21 @@ public class DelegatingPasswordEncoderTests {
verifyZeroInteractions(this.bcrypt, this.noop);
}
@Test
public void matchesWhenIdIsNullThenFalse() {
when(this.throwingDelegates.containsKey(this.bcryptId)).thenReturn(true);
when(this.throwingDelegates.get(this.bcryptId)).thenReturn(this.bcrypt);
when(this.throwingDelegates.get(null)).thenThrow(NullPointerException.class);
DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, throwingDelegates);
assertThatThrownBy(() -> passwordEncoder.matches(this.rawPassword, this.rawPassword))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
verifyZeroInteractions(this.bcrypt, this.noop);
}
@Test
public void matchesWhenNullIdThenDelegatesToInvalidId() {
this.delegates.put(null, this.invalidId);