
AuthorizationWebFilter handles null Authentication

If the AuthorizationManager used the Authentication and the Authentication
was null, the AuthorizationWebFilter would produce a NullPointerException.

This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null

Fixes: gh-4966
Rob Winch há 7 anos atrás
pai
commit
6a0833165a

+ 1 - 0
web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java

@@ -40,6 +40,7 @@ public class AuthorizationWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		return ReactiveSecurityContextHolder.getContext()
+			.filter(c -> c.getAuthentication() != null)
 			.map(SecurityContext::getAuthentication)
 			.as(authentication -> this.accessDecisionManager.verify(authentication, exchange))
 			.switchIfEmpty(chain.filter(exchange));
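Review bot: The added `.filter(c -> c.getAuthentication() != null)` turns a context with a null Authentication into an empty Mono, and nothing in this chain itself denies the request in that case. Whether the request is rejected depends on `verify` signalling an error when `authentication` is empty, because an empty completion of `verify` falls through to `switchIfEmpty(chain.filter(exchange))` and the request proceeds. `verify` is not visible in this hunk, so that fail-closed behaviour should be confirmed and recorded above the new line, for example `// null Authentication -> empty Mono; verify(...) must deny on empty, otherwise the chain continues`. The body of `filter` continues past the end of the hunk.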

+ 1 - 1
web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java

@@ -63,7 +63,7 @@ public class AuthorizationWebFilterTests {
 	@Test
 	public void filterWhenNoAuthenticationThenThrowsAccessDenied() {
 		when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
-		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> Mono.error(new AccessDeniedException("Denied")));
+		AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied"))));
 
 		Mono<Void> result = filter
 			.filter(this.exchange, this.chain)
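Review bot: The new lambda on the `AuthorizationWebFilter` constructor line raises `AccessDeniedException` only when `a` emits an Authentication, so in the no-authentication case this test is named for, the expected denial cannot originate in the lambda itself. It presumably comes from how the manager treats an empty result, which is not shown here. A short comment would make that explicit, for example `// a is empty here: the denial must come from the manager's empty-result handling, not from this lambda`. If the part of the test outside this hunk does not already assert that the chain was never subscribed, that assertion is worth adding, since it is what pins the fail-closed behaviour. The test body continues past the end of the hunk.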