Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 13:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add null check for authentication token in JwtAuthenticationProvider

Browse Source 
Add Assert.notNull validation to ensure the authentication token returned by jwtAuthenticationConverter is not null, preventing potential NullPointerException in subsequent operations.

Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
This commit is contained in:
chanbinme 2025-06-15 23:50:38 +09:00 committed by Rob Winch
parent c2c84c4243
commit 9cf5638914
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
View File

@ -87,6 +87,7 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication; BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
Jwt jwt = getJwt(bearer); Jwt jwt = getJwt(bearer);
AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt); AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
Assert.notNull(token, "token cannot be null");
if (token.getDetails() == null) { if (token.getDetails() == null) {
token.setDetails(bearer.getDetails()); token.setDetails(bearer.getDetails());
} }

16
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
View File

@ -35,8 +35,7 @@ import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.TestJwts; import org.springframework.security.oauth2.jwt.TestJwts;
import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes; import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.*;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
@ -152,6 +151,19 @@ public class JwtAuthenticationProviderTests {
// @formatter:on // @formatter:on
} }
@Test
public void authenticateWhenConverterReturnsNullThenThrowException() {
BearerTokenAuthenticationToken token = this.authentication();
Jwt jwt = TestJwts.jwt().build();
given(this.jwtDecoder.decode("token")).willReturn(jwt);
given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(null);
// @formatter:off
assertThatIllegalArgumentException()
.isThrownBy(() -> this.provider.authenticate(token))
.withMessageContaining("token cannot be null");
// @formatter:on
}
@Test @Test
public void supportsWhenBearerTokenAuthenticationTokenThenReturnsTrue() { public void supportsWhenBearerTokenAuthenticationTokenThenReturnsTrue() {
assertThat(this.provider.supports(BearerTokenAuthenticationToken.class)).isTrue(); assertThat(this.provider.supports(BearerTokenAuthenticationToken.class)).isTrue();