Add null check for authentication token in JwtAuthenticationProvider

Add Assert.notNull validation to ensure the authentication token returned by jwtAuthenticationConverter is not null, preventing potential NullPointerException in subsequent operations.

Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
chanbinme 2025-06-15 23:50:38 +09:00 committed by Rob Winch
parent b2325e4176
commit c770667b57
2 changed files with 15 additions and 2 deletions


@ -87,6 +87,7 @@ public final class JwtAuthenticationProvider implements AuthenticationProvider {
BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
Jwt jwt = getJwt(bearer);
AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
Assert.notNull(token, "token cannot be null");
if (token.getDetails() == null) {
token.setDetails(bearer.getDetails());
}
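Review bot: The new `Assert.notNull(token, "token cannot be null")` fails with an IllegalArgumentException rather than an AuthenticationException, so a converter that returns null will presumably still surface as a server error instead of a bearer-token failure handled by the authentication entry point. That is a defensible choice for a configuration bug, but it deserves a short comment, e.g. `// a null result is a converter contract violation, not an authentication failure`. The message is also ambiguous, because "token" can be read as the caller's bearer token; `Assert.notNull(token, "jwtAuthenticationConverter returned a null token");` names the actual source, and the message assertion in the new test would have to change with it. The enclosing authenticate method starts and ends outside this hunk.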


@ -35,8 +35,7 @@ import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.TestJwts;
import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.*;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@ -152,6 +151,19 @@ public class JwtAuthenticationProviderTests {
// @formatter:on
}
@Test
public void authenticateWhenConverterReturnsNullThenThrowException() {
BearerTokenAuthenticationToken token = this.authentication();
Jwt jwt = TestJwts.jwt().build();
given(this.jwtDecoder.decode("token")).willReturn(jwt);
given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(null);
// @formatter:off
assertThatIllegalArgumentException()
.isThrownBy(() -> this.provider.authenticate(token))
.withMessageContaining("token cannot be null");
// @formatter:on
}
@Test
public void supportsWhenBearerTokenAuthenticationTokenThenReturnsTrue() {
assertThat(this.provider.supports(BearerTokenAuthenticationToken.class)).isTrue();
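Review bot: The import hunk of this file replaces the two explicit AssertJ static imports with the wildcard `import static org.assertj.core.api.Assertions.*;`, which hides which assertion entry points the test class depends on and likely goes against the import style used in the rest of the file. Keep the existing `assertThat` and `assertThatExceptionOfType` imports and add only `import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;` for the new test. The new test pins both the exception type and the message, so nothing else in it needs to change.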