root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 19 Packages Projects Releases Wiki Activity

Improve NPE Handling

This commit is contained in:
Josh Cummings 2025-04-22 14:37:47 -06:00
parent 61d6fbc2a9
commit bc9ae1eed6
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
1 changed files with 29 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
View File

@ -29,6 +29,7 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContextException; import org.springframework.context.ApplicationContextException;
import org.springframework.core.log.LogMessage; import org.springframework.core.log.LogMessage;
import org.springframework.dao.IncorrectResultSizeDataAccessException; import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.PreparedStatementSetter; import org.springframework.jdbc.core.PreparedStatementSetter;
import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.core.RowMapper;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
@ -214,7 +215,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
*/ */
@Override @Override
protected List<UserDetails> loadUsersByUsername(String username) { protected List<UserDetails> loadUsersByUsername(String username) {
return getJdbcTemplate().query(getUsersByUsernameQuery(), this.userDetailsMapper, username); return requireJdbcTemplate().query(getUsersByUsernameQuery(), this.userDetailsMapper, username);
} }
private UserDetails mapToUser(ResultSet rs, int rowNum) throws SQLException { private UserDetails mapToUser(ResultSet rs, int rowNum) throws SQLException {
@ -237,7 +238,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
@Override @Override
public void createUser(final UserDetails user) { public void createUser(final UserDetails user) {
validateUserDetails(user); validateUserDetails(user);
getJdbcTemplate().update(this.createUserSql, (ps) -> { requireJdbcTemplate().update(this.createUserSql, (ps) -> {
ps.setString(1, user.getUsername()); ps.setString(1, user.getUsername());
ps.setString(2, user.getPassword()); ps.setString(2, user.getPassword());
ps.setBoolean(3, user.isEnabled()); ps.setBoolean(3, user.isEnabled());
@ -257,7 +258,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
@Override @Override
public void updateUser(final UserDetails user) { public void updateUser(final UserDetails user) {
validateUserDetails(user); validateUserDetails(user);
getJdbcTemplate().update(this.updateUserSql, (ps) -> { requireJdbcTemplate().update(this.updateUserSql, (ps) -> {
ps.setString(1, user.getPassword()); ps.setString(1, user.getPassword());
ps.setBoolean(2, user.isEnabled()); ps.setBoolean(2, user.isEnabled());
int paramCount = ps.getParameterMetaData().getParameterCount(); int paramCount = ps.getParameterMetaData().getParameterCount();
@ -281,7 +282,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
private void insertUserAuthorities(UserDetails user) { private void insertUserAuthorities(UserDetails user) {
for (GrantedAuthority auth : user.getAuthorities()) { for (GrantedAuthority auth : user.getAuthorities()) {
getJdbcTemplate().update(this.createAuthoritySql, user.getUsername(), auth.getAuthority()); requireJdbcTemplate().update(this.createAuthoritySql, user.getUsername(), auth.getAuthority());
} }
} }
@ -290,12 +291,12 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
if (getEnableAuthorities()) { if (getEnableAuthorities()) {
deleteUserAuthorities(username); deleteUserAuthorities(username);
} }
getJdbcTemplate().update(this.deleteUserSql, username); requireJdbcTemplate().update(this.deleteUserSql, username);
this.userCache.removeUserFromCache(username); this.userCache.removeUserFromCache(username);
} }
private void deleteUserAuthorities(String username) { private void deleteUserAuthorities(String username) {
getJdbcTemplate().update(this.deleteUserAuthoritiesSql, username); requireJdbcTemplate().update(this.deleteUserAuthoritiesSql, username);
} }
@Override @Override
@ -318,7 +319,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
this.logger.debug("No authentication manager set. Password won't be re-checked."); this.logger.debug("No authentication manager set. Password won't be re-checked.");
} }
this.logger.debug("Changing password for user '" + username + "'"); this.logger.debug("Changing password for user '" + username + "'");
getJdbcTemplate().update(this.changePasswordSql, newPassword, username); requireJdbcTemplate().update(this.changePasswordSql, newPassword, username);
Authentication authentication = createNewAuthentication(currentUser, newPassword); Authentication authentication = createNewAuthentication(currentUser, newPassword);
SecurityContext context = this.securityContextHolderStrategy.createEmptyContext(); SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
context.setAuthentication(authentication); context.setAuthentication(authentication);
@ -336,7 +337,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
@Override @Override
public boolean userExists(String username) { public boolean userExists(String username) {
List<String> users = getJdbcTemplate().queryForList(this.userExistsSql, String.class, username); List<String> users = requireJdbcTemplate().queryForList(this.userExistsSql, String.class, username);
if (users.size() > 1) { if (users.size() > 1) {
throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'", throw new IncorrectResultSizeDataAccessException("More than one user found with name '" + username + "'",
1); 1);
@ -346,13 +347,13 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
@Override @Override
public List<String> findAllGroups() { public List<String> findAllGroups() {
return getJdbcTemplate().queryForList(this.findAllGroupsSql, String.class); return requireJdbcTemplate().queryForList(this.findAllGroupsSql, String.class);
} }
@Override @Override
public List<String> findUsersInGroup(String groupName) { public List<String> findUsersInGroup(String groupName) {
Assert.hasText(groupName, "groupName should have text"); Assert.hasText(groupName, "groupName should have text");
return getJdbcTemplate().queryForList(this.findUsersInGroupSql, String.class, groupName); return requireJdbcTemplate().queryForList(this.findUsersInGroupSql, String.class, groupName);
} }
@Override @Override
@ -361,11 +362,11 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.notNull(authorities, "authorities cannot be null"); Assert.notNull(authorities, "authorities cannot be null");
this.logger.debug("Creating new group '" + groupName + "' with authorities " this.logger.debug("Creating new group '" + groupName + "' with authorities "
+ AuthorityUtils.authorityListToSet(authorities)); + AuthorityUtils.authorityListToSet(authorities));
getJdbcTemplate().update(this.insertGroupSql, groupName); requireJdbcTemplate().update(this.insertGroupSql, groupName);
int groupId = findGroupId(groupName); int groupId = findGroupId(groupName);
for (GrantedAuthority a : authorities) { for (GrantedAuthority a : authorities) {
String authority = a.getAuthority(); String authority = a.getAuthority();
getJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> { requireJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
ps.setInt(1, groupId); ps.setInt(1, groupId);
ps.setString(2, authority); ps.setString(2, authority);
}); });
@ -378,9 +379,9 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(groupName, "groupName should have text"); Assert.hasText(groupName, "groupName should have text");
int id = findGroupId(groupName); int id = findGroupId(groupName);
PreparedStatementSetter groupIdPSS = (ps) -> ps.setInt(1, id); PreparedStatementSetter groupIdPSS = (ps) -> ps.setInt(1, id);
getJdbcTemplate().update(this.deleteGroupMembersSql, groupIdPSS); requireJdbcTemplate().update(this.deleteGroupMembersSql, groupIdPSS);
getJdbcTemplate().update(this.deleteGroupAuthoritiesSql, groupIdPSS); requireJdbcTemplate().update(this.deleteGroupAuthoritiesSql, groupIdPSS);
getJdbcTemplate().update(this.deleteGroupSql, groupIdPSS); requireJdbcTemplate().update(this.deleteGroupSql, groupIdPSS);
} }
@Override @Override
@ -388,7 +389,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
this.logger.debug("Changing group name from '" + oldName + "' to '" + newName + "'"); this.logger.debug("Changing group name from '" + oldName + "' to '" + newName + "'");
Assert.hasText(oldName, "oldName should have text"); Assert.hasText(oldName, "oldName should have text");
Assert.hasText(newName, "newName should have text"); Assert.hasText(newName, "newName should have text");
getJdbcTemplate().update(this.renameGroupSql, newName, oldName); requireJdbcTemplate().update(this.renameGroupSql, newName, oldName);
} }
@Override @Override
@ -397,7 +398,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(username, "username should have text"); Assert.hasText(username, "username should have text");
Assert.hasText(groupName, "groupName should have text"); Assert.hasText(groupName, "groupName should have text");
int id = findGroupId(groupName); int id = findGroupId(groupName);
getJdbcTemplate().update(this.insertGroupMemberSql, (ps) -> { requireJdbcTemplate().update(this.insertGroupMemberSql, (ps) -> {
ps.setInt(1, id); ps.setInt(1, id);
ps.setString(2, username); ps.setString(2, username);
}); });
@ -410,7 +411,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(username, "username should have text"); Assert.hasText(username, "username should have text");
Assert.hasText(groupName, "groupName should have text"); Assert.hasText(groupName, "groupName should have text");
int id = findGroupId(groupName); int id = findGroupId(groupName);
getJdbcTemplate().update(this.deleteGroupMemberSql, (ps) -> { requireJdbcTemplate().update(this.deleteGroupMemberSql, (ps) -> {
ps.setInt(1, id); ps.setInt(1, id);
ps.setString(2, username); ps.setString(2, username);
}); });
@ -421,7 +422,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
public List<GrantedAuthority> findGroupAuthorities(String groupName) { public List<GrantedAuthority> findGroupAuthorities(String groupName) {
this.logger.debug("Loading authorities for group '" + groupName + "'"); this.logger.debug("Loading authorities for group '" + groupName + "'");
Assert.hasText(groupName, "groupName should have text"); Assert.hasText(groupName, "groupName should have text");
return getJdbcTemplate().query(this.groupAuthoritiesSql, this.grantedAuthorityMapper, groupName); return requireJdbcTemplate().query(this.groupAuthoritiesSql, this.grantedAuthorityMapper, groupName);
} }
private GrantedAuthority mapToGrantedAuthority(ResultSet rs, int rowNum) throws SQLException { private GrantedAuthority mapToGrantedAuthority(ResultSet rs, int rowNum) throws SQLException {
@ -435,7 +436,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(groupName, "groupName should have text"); Assert.hasText(groupName, "groupName should have text");
Assert.notNull(authority, "authority cannot be null"); Assert.notNull(authority, "authority cannot be null");
int id = findGroupId(groupName); int id = findGroupId(groupName);
getJdbcTemplate().update(this.deleteGroupAuthoritySql, (ps) -> { requireJdbcTemplate().update(this.deleteGroupAuthoritySql, (ps) -> {
ps.setInt(1, id); ps.setInt(1, id);
ps.setString(2, authority.getAuthority()); ps.setString(2, authority.getAuthority());
}); });
@ -447,14 +448,20 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
Assert.hasText(groupName, "groupName should have text"); Assert.hasText(groupName, "groupName should have text");
Assert.notNull(authority, "authority cannot be null"); Assert.notNull(authority, "authority cannot be null");
int id = findGroupId(groupName); int id = findGroupId(groupName);
getJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> { requireJdbcTemplate().update(this.insertGroupAuthoritySql, (ps) -> {
ps.setInt(1, id); ps.setInt(1, id);
ps.setString(2, authority.getAuthority()); ps.setString(2, authority.getAuthority());
}); });
} }
private int findGroupId(String group) { private int findGroupId(String group) {
return getJdbcTemplate().queryForObject(this.findGroupIdSql, Integer.class, group); return requireJdbcTemplate().queryForObject(this.findGroupIdSql, Integer.class, group);
}
private JdbcTemplate requireJdbcTemplate() {
JdbcTemplate jdbc = getJdbcTemplate();
Assert.notNull(jdbc, "JdbcTemplate cannot be null");
return jdbc;
} }
/** /**