Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix NullPointerException 

- Caused by a malformed WWW-Authenticate value

Closes gh-9364
This commit is contained in:
tristanessquare 2020-12-22 14:02:42 +01:00 committed by Josh Cummings
parent acb5ae607b
commit 580b988e7f
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -70,6 +70,9 @@ public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
return null; return null;
} }
BearerTokenError bearerTokenError = getBearerToken(wwwAuthenticateHeader); BearerTokenError bearerTokenError = getBearerToken(wwwAuthenticateHeader);
if (bearerTokenError == null) {
return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null);
}
String errorCode = (bearerTokenError.getCode() != null) ? bearerTokenError.getCode() String errorCode = (bearerTokenError.getCode() != null) ? bearerTokenError.getCode()
: OAuth2ErrorCodes.SERVER_ERROR; : OAuth2ErrorCodes.SERVER_ERROR;
String errorDescription = bearerTokenError.getDescription(); String errorDescription = bearerTokenError.getDescription();

11
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -58,4 +58,13 @@ public class OAuth2ErrorResponseErrorHandlerTests {
.withMessage("[insufficient_scope] The access token expired"); .withMessage("[insufficient_scope] The access token expired");
} }
@Test
public void handleErrorWhenErrorResponseWithInvalidWwwAuthenticateHeaderThenHandled() {
String invalidWwwAuthenticateHeader = "Unauthorized";
MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST);
response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, invalidWwwAuthenticateHeader);
assertThatExceptionOfType(OAuth2AuthorizationException.class)
.isThrownBy(() -> this.errorHandler.handleError(response)).withMessage("[server_error] ");
}
} }