Fix WebTestUtils when no matching HttpSecurity found

Previously a NullPointerException would be thrown if no HttpSecurity
matched on the request passed in. This was because findFilters would
return null rather than an empty List.

This commit returns null if findFilters gets a null result.

Fixes gh-3343

test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java

@@ -114,7 +114,7 @@ public abstract class WebTestUtils {
 	}
 
 	@SuppressWarnings("unchecked")
-	private static <T extends Filter> T findFilter(HttpServletRequest request,
+	static <T extends Filter> T findFilter(HttpServletRequest request,
 			Class<T> filterClass) {
 		WebApplicationContext webApplicationContext = WebApplicationContextUtils
 				.getWebApplicationContext(request.getServletContext());
@@ -131,6 +131,9 @@ public abstract class WebTestUtils {
 		}
 		List<Filter> filters = (List<Filter>) ReflectionTestUtils.invokeMethod(
 				springSecurityFilterChain, "getFilters", request);
+		if(filters == null) {
+			return null;
+		}
 		for (Filter filter : filters) {
 			if (filterClass.isAssignableFrom(filter.getClass())) {
 				return (T) filter;

test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java

@@ -32,6 +32,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
@@ -118,6 +119,14 @@ public class WebTestUtilsTests {
 		assertThat(getSecurityContextRepository(request)).isSameAs(contextRepo);
 	}
 
+	// gh-3343
+	@Test
+	public void findFilterNoMatchingFilters() {
+		loadConfig(PartialSecurityConfig.class);
+
+		assertThat(WebTestUtils.findFilter(request, SecurityContextPersistenceFilter.class)).isNull();
+	}
+
 	private void loadConfig(Class<?> config) {
 		AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
 		context.register(config);
@@ -157,4 +166,18 @@ public class WebTestUtilsTests {
 		}
 		// @formatter:on
 	}
+
+
+
+	@EnableWebSecurity
+	static class PartialSecurityConfig extends WebSecurityConfigurerAdapter {
+
+		// @formatter:off
+		@Override
+		public void configure(HttpSecurity http) throws Exception {
+			http
+				.antMatcher("/willnotmatchthis");
+		}
+		// @formatter:on
+	}
 }