root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Improve NPE Handling

This commit is contained in:
Josh Cummings 2025-04-22 14:37:47 -06:00
parent 61d6fbc2a9
commit bc9ae1eed6
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
1 changed files with 29 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
View File

@ -29,6 +29,7 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContextException;
import org.springframework.core.log.LogMessage;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.PreparedStatementSetter;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.security.access.AccessDeniedException;
@ -214,7 +215,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
*/
@Override
protected List<UserDetails> loadUsersByUsername(String username) {
return getJdbcTemplate().query(getUsersByUsernameQuery(), this.userDetailsMapper, username);
return requireJdbcTemplate().query(getUsersByUsernameQuery(), this.userDetailsMapper, username);
}
private UserDetails mapToUser(ResultSet rs, int rowNum) throws SQLException {
@ -237,7 +238,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
@Override
public void createUser(final UserDetails user) {
validateUserDetails(user);
getJdbcTemplate().update(this.createUserSql, (ps) -> {
requireJdbcTemplate().update(this.createUserSql, (ps) -> {
ps.setString(1, user.getUsername());
ps.setString(2, user.getPassword());
ps.setBoolean(3, user.isEnabled());
@ -257,7 +258,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
@Override
public void updateUser(final UserDetails user) {
validateUserDetails(user);
getJdbcTemplate().update(this.updateUserSql, (ps) -> {
requireJdbcTemplate().update(this.updateUserSql, (ps) -> {
ps.setString(1, user.getPassword());
ps.setBoolean(2, user.isEnabled());
int paramCount = ps.getParameterMetaData().getParameterCount();
@ -281,7 +282,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
private void insertUserAuthorities(UserDetails user) {
for (GrantedAuthority auth : user.getAuthorities()) {
getJdbcTemplate().update(this.createAuthoritySql, user.getUsername(), auth.getAuthority());
requireJdbcTemplate().update(this.createAuthoritySql, user.getUsername(), auth.getAuthority());
}
}
@ -290,12 +291,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
if (getEnableAuthorities()) {
deleteUserAuthorities(username);
}
getJdbcTemplate().update(this.deleteUserSql, username);
requireJdbcTemplate().update(this.deleteUserSql, username);
this.userCache.removeUserFromCache(username);
}
private void deleteUserAuthorities(String username) {
getJdbcTemplate().update(this.deleteUserAuthoritiesSql, username);
requireJdbcTemplate().update(this.deleteUserAuthoritiesSql, username);
}
@Override
@ -318,7 +319,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
this.logger.debug("No authentication manager set. Password won't be re-checked.");
}
this.logger.debug("Changing password for user '" + username + "'");
getJdbcTemplate().update(this.changePasswordSql, newPassword, username);
requireJdbcTemplate().update(this.changePasswordSql, newPassword, username);
Authentication authentication = createNewAuthentication(currentUser, newPassword);
SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
context.setAuthentication(authentication);
@ -336,7 +337,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
@Override
public boolean userExists(String username) {
List<String> users = getJdbcTemplate().queryForList(this.userExistsSql, String.class, username);
List<String> users = requireJdbcTemplate().queryForList(this.userExistsSql, String.class, username);
if (users.size() > 1) {
throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'",
1);
@ -346,13 +347,13 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
@Override
public List<String> findAllGroups() {
return getJdbcTemplate().queryForList(this.findAllGroupsSql, String.class);
return requireJdbcTemplate().queryForList(this.findAllGroupsSql, String.class);
}
@Override
public List<String> findUsersInGroup(String groupName) {
Assert.hasText(groupName, "groupName should have text");
return getJdbcTemplate().queryForList(this.findUsersInGroupSql, String.class, groupName);
return requireJdbcTemplate().queryForList(this.findUsersInGroupSql, String.class, groupName);
}
@Override
@ -361,11 +362,11 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.notNull(authorities, "authorities cannot be null");
this.logger.debug("Creating new group '" + groupName + "' with authorities "
+ AuthorityUtils.authorityListToSet(authorities));
getJdbcTemplate().update(this.insertGroupSql, groupName);
requireJdbcTemplate().update(this.insertGroupSql, groupName);
int groupId = findGroupId(groupName);
for (GrantedAuthority a : authorities) {
String authority = a.getAuthority();
getJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
requireJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
ps.setInt(1, groupId);
ps.setString(2, authority);
});
@ -378,9 +379,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(groupName, "groupName should have text");
int id = findGroupId(groupName);
PreparedStatementSetter groupIdPSS = (ps) -> ps.setInt(1, id);
getJdbcTemplate().update(this.deleteGroupMembersSql, groupIdPSS);
getJdbcTemplate().update(this.deleteGroupAuthoritiesSql, groupIdPSS);
getJdbcTemplate().update(this.deleteGroupSql, groupIdPSS);
requireJdbcTemplate().update(this.deleteGroupMembersSql, groupIdPSS);
requireJdbcTemplate().update(this.deleteGroupAuthoritiesSql, groupIdPSS);
requireJdbcTemplate().update(this.deleteGroupSql, groupIdPSS);
}
@Override
@ -388,7 +389,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
this.logger.debug("Changing group name from '" + oldName + "' to '" + newName + "'");
Assert.hasText(oldName, "oldName should have text");
Assert.hasText(newName, "newName should have text");
getJdbcTemplate().update(this.renameGroupSql, newName, oldName);
requireJdbcTemplate().update(this.renameGroupSql, newName, oldName);
}
@Override
@ -397,7 +398,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(username, "username should have text");
Assert.hasText(groupName, "groupName should have text");
int id = findGroupId(groupName);
getJdbcTemplate().update(this.insertGroupMemberSql, (ps) -> {
requireJdbcTemplate().update(this.insertGroupMemberSql, (ps) -> {
ps.setInt(1, id);
ps.setString(2, username);
});
@ -410,7 +411,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(username, "username should have text");
Assert.hasText(groupName, "groupName should have text");
int id = findGroupId(groupName);
getJdbcTemplate().update(this.deleteGroupMemberSql, (ps) -> {
requireJdbcTemplate().update(this.deleteGroupMemberSql, (ps) -> {
ps.setInt(1, id);
ps.setString(2, username);
});
@ -421,7 +422,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
public List<GrantedAuthority> findGroupAuthorities(String groupName) {
this.logger.debug("Loading authorities for group '" + groupName + "'");
Assert.hasText(groupName, "groupName should have text");
return getJdbcTemplate().query(this.groupAuthoritiesSql, this.grantedAuthorityMapper, groupName);
return requireJdbcTemplate().query(this.groupAuthoritiesSql, this.grantedAuthorityMapper, groupName);
}
private GrantedAuthority mapToGrantedAuthority(ResultSet rs, int rowNum) throws SQLException {
@ -435,7 +436,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(groupName, "groupName should have text");
Assert.notNull(authority, "authority cannot be null");
int id = findGroupId(groupName);
getJdbcTemplate().update(this.deleteGroupAuthoritySql, (ps) -> {
requireJdbcTemplate().update(this.deleteGroupAuthoritySql, (ps) -> {
ps.setInt(1, id);
ps.setString(2, authority.getAuthority());
});
@ -447,14 +448,20 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(groupName, "groupName should have text");
Assert.notNull(authority, "authority cannot be null");
int id = findGroupId(groupName);
getJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
requireJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
ps.setInt(1, id);
ps.setString(2, authority.getAuthority());
});
}
private int findGroupId(String group) {
return getJdbcTemplate().queryForObject(this.findGroupIdSql, Integer.class, group);
return requireJdbcTemplate().queryForObject(this.findGroupIdSql, Integer.class, group);
}
private JdbcTemplate requireJdbcTemplate() {
JdbcTemplate jdbc = getJdbcTemplate();
Assert.notNull(jdbc, "JdbcTemplate cannot be null");
return jdbc;
}
/**