
Fix NPE in IpAddressMatcher

Closes gh-15527

(cherry picked from commit 52de894c3c0a812562d6822db30f5c6c88526181)
Steve Riesenberg 9 months ago
parent
commit
554df6fab6

+ 5 - 0
web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java

@@ -71,6 +71,11 @@ public final class IpAddressMatcher implements RequestMatcher {
 	}
 
 	public boolean matches(String address) {
+		// Do not match null or blank address
+		if (!StringUtils.hasText(address)) {
+			return false;
+		}
+
 		assertNotHostName(address);
 		InetAddress remoteAddress = parseAddress(address);
 		if (!this.requiredAddress.getClass().equals(remoteAddress.getClass())) {
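Review bot: The new early return at the top of `matches(String)` makes a missing address a silent non-match, and nothing on the method tells callers so. That is the safe outcome for allow-style rules, but any rule that negates this matcher (deny when it matches) would treat a request with no resolvable address as not denied, where the old NPE stopped the request. I would add Javadoc on the method such as `/** Returns {@code false} when {@code address} is null or blank; callers that negate this matcher must handle a missing address themselves. */`. The body of `matches` continues past the end of this hunk, so the rest of the method is not reviewed here.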

+ 14 - 1
web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -126,4 +126,17 @@ public class IpAddressMatcherTests {
 			.withMessage("ipAddress 123.156.7.18.org doesn't look like an IP Address. Is it a host name?");
 	}
 
+	// gh-15527
+	@Test
+	public void matchesWhenIpAddressIsLoopbackAndAddressIsNullThenFalse() {
+		IpAddressMatcher ipAddressMatcher = new IpAddressMatcher("127.0.0.1");
+		assertThat(ipAddressMatcher.matches((String) null)).isFalse();
+	}
+
+	// gh-15527
+	@Test
+	public void matchesWhenAddressIsNullThenFalse() {
+		assertThat(this.v4matcher.matches((String) null)).isFalse();
+	}
+
 }
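Review bot: Both added tests pass only `(String) null`, so the blank half of the new `StringUtils.hasText` guard is unverified. The blank case matters most for the loopback matcher: if `parseAddress` delegates to `InetAddress.getByName` (not visible in this diff), the JDK resolves an empty host to the loopback address, and the guard is then the only thing keeping `""` from matching `127.0.0.1`. I would extend the loopback test with `assertThat(ipAddressMatcher.matches("")).isFalse();` and `assertThat(ipAddressMatcher.matches(" ")).isFalse();` so a later refactor of the guard cannot reintroduce that match unnoticed.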