
Fix NPE when token response contains a null value

Fixes gh-8108
Joe Grandja 5 年之前
父节点
当前提交
26414ad3af

+ 1 - 1
oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java

@@ -80,7 +80,7 @@ public class OAuth2AccessTokenResponseHttpMessageConverter extends AbstractHttpM
 					tokenResponseParameters.entrySet().stream()
 							.collect(Collectors.toMap(
 									Map.Entry::getKey,
-									entry -> entry.getValue().toString())));
+									entry -> String.valueOf(entry.getValue()))));
 		} catch (Exception ex) {
 			throw new HttpMessageNotReadableException("An error occurred reading the OAuth 2.0 Access Token Response: " +
 					ex.getMessage(), ex, inputMessage);
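Review bot: The replacement on the `+` line avoids the NPE by mapping a JSON `null` to the literal string `"null"`, so a response carrying `"scope": null` is read as a token with a scope named `null` — a value the authorization server never issued, which the new test in the second file pins down with `containsExactly("null")`. `Collectors.toMap` rejects null values (that is what threw before), so the cleaner fix is to drop null-valued parameters before collecting rather than stringify them: add `.filter(entry -> entry.getValue() != null)` ahead of `.collect(Collectors.toMap(` and keep `entry -> entry.getValue().toString()`. That way absent or null parameters are simply missing from the parameter map, which is presumably what downstream converters already treat as "not present" — worth confirming against the token response converter. The enclosing `try` and the method around it start and continue outside this hunk.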

+ 24 - 0
oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverterTests.java

@@ -129,6 +129,30 @@ public class OAuth2AccessTokenResponseHttpMessageConverterTests {
 				entry("custom_parameter_2", "custom-value-2"));
 	}
 
+	// gh-8108
+	@Test
+	public void readInternalWhenSuccessfulTokenResponseWithNullValueThenReadOAuth2AccessTokenResponse() {
+		String tokenResponse = "{\n" +
+				"	\"access_token\": \"access-token-1234\",\n" +
+				"   \"token_type\": \"bearer\",\n" +
+				"   \"expires_in\": 3600,\n" +
+				"   \"scope\": null,\n" +
+				"   \"refresh_token\": \"refresh-token-1234\"\n" +
+				"}\n";
+
+		MockClientHttpResponse response = new MockClientHttpResponse(
+				tokenResponse.getBytes(), HttpStatus.OK);
+
+		OAuth2AccessTokenResponse accessTokenResponse = this.messageConverter.readInternal(
+				OAuth2AccessTokenResponse.class, response);
+
+		assertThat(accessTokenResponse.getAccessToken().getTokenValue()).isEqualTo("access-token-1234");
+		assertThat(accessTokenResponse.getAccessToken().getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.BEARER);
+		assertThat(accessTokenResponse.getAccessToken().getExpiresAt()).isBeforeOrEqualTo(Instant.now().plusSeconds(3600));
+		assertThat(accessTokenResponse.getAccessToken().getScopes()).containsExactly("null");
+		assertThat(accessTokenResponse.getRefreshToken().getTokenValue()).isEqualTo("refresh-token-1234");
+	}
+
 	@Test
 	public void readInternalWhenConversionFailsThenThrowHttpMessageNotReadableException() {
 		Converter tokenResponseConverter = mock(Converter.class);
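Review bot: `tokenResponse.getBytes()` in the new test encodes with the platform default charset; the JSON here is ASCII so it cannot break today, but the idiom is `tokenResponse.getBytes(StandardCharsets.UTF_8)` so the fixture does not depend on the JVM's `file.encoding`. The `// gh-8108` marker would be more useful as a sentence stating what the test guards, e.g. `// gh-8108: a null-valued parameter must not cause an NPE while reading the response`, since the issue number alone does not say which behaviour the assertions are locking in. The following test method continues past the end of this hunk.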