
Check for null Name Attribute Value

Closes gh-15338
rio 1 year ago
parent
commit
e69e0eb245

+ 4 - 4
oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,6 +44,7 @@ import org.springframework.util.Assert;
  *
  * @author Joe Grandja
  * @author Eddú Meléndez
+ * @author Park Hyojong
  * @since 5.0
  * @see OAuth2User
  */
@@ -68,9 +69,8 @@ public class DefaultOAuth2User implements OAuth2User, Serializable {
 			String nameAttributeKey) {
 		Assert.notEmpty(attributes, "attributes cannot be empty");
 		Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty");
-		if (!attributes.containsKey(nameAttributeKey)) {
-			throw new IllegalArgumentException("Missing attribute '" + nameAttributeKey + "' in attributes");
-		}
+		Assert.notNull(attributes.get(nameAttributeKey), "Attribute value for '" + nameAttributeKey + "' cannot be null");
+
 		this.authorities = (authorities != null)
 				? Collections.unmodifiableSet(new LinkedHashSet<>(this.sortAuthorities(authorities)))
 				: Collections.unmodifiableSet(new LinkedHashSet<>(AuthorityUtils.NO_AUTHORITIES));
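Review bot: The single `Assert.notNull(attributes.get(nameAttributeKey), ...)` now covers two distinct failures, an absent key and a key mapped to null, and both are reported as "cannot be null". A provider response that simply lacks the configured attribute becomes harder to diagnose than with the removed "Missing attribute" message. Either keep the `containsKey` check and add the null assertion after it, or word the message for both cases, e.g. `"Attribute value for '" + nameAttributeKey + "' is missing or null"`. An empty or blank string still passes; if this attribute is later rendered as the principal name (that code is outside the hunk), decide here whether a blank name should be rejected too. The constructor starts and ends outside the hunk, and its Javadoc should state that the name attribute must be present with a non-null value.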

+ 8 - 1
oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,6 +34,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
  *
  * @author Vedran Pavic
  * @author Joe Grandja
+ * @author Park Hyojong
  */
 public class DefaultOAuth2UserTests {
 
@@ -59,6 +60,12 @@ public class DefaultOAuth2UserTests {
 			.isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, Collections.emptyMap(), ATTRIBUTE_NAME_KEY));
 	}
 
+	@Test
+	public void constructorWhenAttributeValueIsNullThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES,
+				Collections.singletonMap(ATTRIBUTE_NAME_KEY, null), ATTRIBUTE_NAME_KEY));
+	}
+
 	@Test
 	public void constructorWhenNameAttributeKeyIsNullThenThrowIllegalArgumentException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, null));
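Review bot: The added test pins only the present-key, null-value case, while the commit also removes the `containsKey` branch, so the absent-key case now depends on the same assertion. Unless a test outside this hunk already covers it, add a sibling case that builds the user with a map lacking the key, e.g. `new DefaultOAuth2User(AUTHORITIES, Collections.singletonMap("other", "value"), ATTRIBUTE_NAME_KEY)`, and expects `IllegalArgumentException`. Asserting on the message with `withMessageContaining(ATTRIBUTE_NAME_KEY)` would also keep the diagnostic text from regressing silently.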