Guard against NPE when fetching users associated with user policies.

Closes keycloak#28915 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
ebariaux · May 10, 2024 · 52c9e44 · 52c9e44
1 parent ceed7bc
commit 52c9e44
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.../main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java b/.../main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java
@@ -23,6 +23,7 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -119,7 +120,12 @@ public void onExport(Policy policy, PolicyRepresentation representation, Authori
             UserProvider userProvider = authorizationProvider.getKeycloakSession().users();
             RealmModel realm = authorizationProvider.getRealm();
 
-            config.put("users", JsonSerialization.writeValueAsString(userRep.getUsers().stream().map(id -> userProvider.getUserById(realm, id).getUsername()).collect(Collectors.toList())));
+            config.put("users", JsonSerialization.writeValueAsString(userRep.getUsers().stream()
+                    .map(id -> {
+                        UserModel user = userProvider.getUserById(realm, id);
+                        return user != null ? user.getUsername() : null;
+                    })
+                    .filter(Objects::nonNull).collect(Collectors.toList())));
         } catch (IOException cause) {
             throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", cause);
         }