Merge pull request #44 from levigo/fix/NF-1928-no-auth-authentication…

…-problem fix(NF-1928): add authentication null check
levigo · Jan 10, 2025 · 2a59b15 · 2a59b15
2 parents c23bffb + 89f1b29
commit 2a59b15
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/.../java/com/neverpile/common/authorization/policy/impl/PolicyBasedAuthorizationService.java b/.../java/com/neverpile/common/authorization/policy/impl/PolicyBasedAuthorizationService.java
@@ -75,7 +75,7 @@ public boolean isAccessAllowed(final String resourceSpecifier, final Set<Action>
     Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
     List<AccessRule> matchingRules = policy.getRules().stream() //
-        .filter(authentication.isAuthenticated() //
+        .filter(null != authentication && authentication.isAuthenticated() //
             ? (r) -> matchesAuthentication(r, authentication) //
             : this::matchesAnonymousUser) //
         .filter(r -> matchesResource(r, resourceSpecifier)) //
@@ -101,7 +101,7 @@ public boolean isAccessAllowed(final String resourceSpecifier, final Set<Action>
         policy.getDefaultEffect() != null ? policy.getDefaultEffect() : Effect.DENY;
 
     LOGGER.debug("Authorization for {} on {} with principal {}: {}", actions, resourceSpecifier,
-        authentication.isAuthenticated() ? authentication.getPrincipal() : "anonymous", e);
+        authentication != null && authentication.isAuthenticated() ? authentication.getPrincipal() : "anonymous", e);
 
     return e == Effect.ALLOW;
   }