Skip to content

Commit 790e060

Browse files
therepanictherepanic
committed
fix null authority handling in DelegatingMissingAuthorityAccessDeniedHandler
Signed-off-by: Andrey Litvitski <[email protected]>
1 parent f867a74 commit 790e060

File tree

1 file changed

+7
-5
lines changed

1 file changed

+7
-5
lines changed

web/src/main/java/org/springframework/security/web/access/DelegatingMissingAuthorityAccessDeniedHandler.java

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -158,9 +158,10 @@ private List<AuthorityRequiredFactorErrorEntry> authorityErrors(AccessDeniedExce
158158
if (authorizationResult instanceof AuthorityAuthorizationDecision authorityDecision) {
159159
// @formatter:off
160160
return authorityDecision.getAuthorities().stream()
161-
.map((grantedAuthority) -> {
161+
.filter((ga) -> ga.getAuthority() != null)
162+
.map((grantedAuthority) -> {
162163
String authority = grantedAuthority.getAuthority();
163-
if (authority != null && authority.startsWith("FACTOR_")) {
164+
if (authority.startsWith("FACTOR_")) {
164165
RequiredFactor required = RequiredFactor.withAuthority(authority).build();
165166
return new AuthorityRequiredFactorErrorEntry(authority, RequiredFactorError.createMissing(required));
166167
}
@@ -247,16 +248,17 @@ public DelegatingMissingAuthorityAccessDeniedHandler build() {
247248
*/
248249
private static final class AuthorityRequiredFactorErrorEntry {
249250

250-
@Nullable private final String authority;
251+
private final String authority;
251252

252253
private final @Nullable RequiredFactorError error;
253254

254-
private AuthorityRequiredFactorErrorEntry(@Nullable String authority, @Nullable RequiredFactorError error) {
255+
private AuthorityRequiredFactorErrorEntry(String authority, @Nullable RequiredFactorError error) {
256+
Assert.notNull(authority, "authority cannot be null");
255257
this.authority = authority;
256258
this.error = error;
257259
}
258260

259-
@Nullable private String getAuthority() {
261+
private String getAuthority() {
260262
return this.authority;
261263
}
262264

0 commit comments

Comments
 (0)