Skip to content

Add Assert.notNull() for AuthenticationProvider additions #530

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 8 commits into from
Closed

Add Assert.notNull() for AuthenticationProvider additions #530

wants to merge 8 commits into from

Conversation

@gmazza
Copy link

@gmazza gmazza commented Dec 11, 2021

If we accidentally provide a null authenticationProvider configured via:

            authorizationServerConfigurer
                    .tokenEndpoint(tokenEndpoint -> {
                        tokenEndpoint.accessTokenRequestConverter(new DelegatingAuthenticationConverter(
                            converters))
                            .authenticationProvider(nullAuthProvider)
                        }
                    );

We get an NPE during the authenticationProviders.add(authenticationProvider) statement in Oauth2TokenEndpointConfigurer. The error stack is quite unclear where the NPE is coming from, requiring time-consuming IDE troubleshooting:

Caused by: java.lang.NullPointerException: null
	at org.springframework.security.config.annotation.SecurityConfigurerAdapter$CompositeObjectPostProcessor.postProcess(SecurityConfigurerAdapter.java:117)
	at org.springframework.security.config.annotation.SecurityConfigurerAdapter.postProcess(SecurityConfigurerAdapter.java:79)
	at org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.AbstractOAuth2Configurer.postProcess(AbstractOAuth2Configurer.java:42)
	at org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenEndpointConfigurer.lambda$init$0(OAuth2TokenEndpointConfigurer.java:129)
	at java.base/java.lang.Iterable.forEach(Iterable.java:75)

This PR adds an Assert.notNull, similar to many places elsewhere in the project, creating a much clearer stack trace:

Caused by: java.lang.IllegalArgumentException: authenticationProvider cannot be null

	at org.springframework.util.Assert.notNull(Assert.java:201)
	at org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenEndpointConfigurer.authenticationProvider(OAuth2TokenEndpointConfigurer.java:91)
	at com.mycompany.myproject.config.SecurityConfig$NewAuthServerConfigurationAdapter.lambda$configure$0(SecurityConfig.java:228)
	at org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer.tokenEndpoint(OAuth2AuthorizationServerConfigurer.java:162)
	at com.mycompany.myproject.config.SecurityConfig$NewAuthServerConfigurationAdapter.configure(SecurityConfig.java:223)

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 11, 2021
@jgrandja
Copy link
Collaborator

jgrandja commented Jan 6, 2022

Thanks for the PR @gmazza. Could you also apply the same check to OAuth2AuthorizationEndpointConfigurer, OAuth2ClientAuthenticationConfigurer and OAuth2TokenRevocationEndpointConfigurer and add a test for each of the 4 cases. Thanks!

@jgrandja jgrandja self-assigned this Jan 6, 2022
@jgrandja jgrandja added the type: enhancement A general enhancement label Jan 6, 2022
@jgrandja jgrandja changed the title Add Assert.notNull() for AuthenticationProvider additions. Add Assert.notNull() for AuthenticationProvider additions Jan 6, 2022
@jgrandja jgrandja removed the status: waiting-for-triage An issue we've not yet triaged label Jan 6, 2022
@gmazza
Copy link
Author

gmazza commented Jan 23, 2022

@jgrandja Hi, I added the check for the other three situations, and unit tests for all four. The latter I put in new separate classes away from the integration tests in the same package, let me know if you'd prefer them to be placed within the integration tests.

(Incidentally, I built via ./gradlew clean build test, for some reason task checkstyleNohttp is failing, although my changes have nothing to do with the JavaScript files it found problems with, maybe this is a problem also in the main Spring repo. I needed to run with -x checkstyleNoHttp for the build to complete.)

jgrandja
jgrandja requested changes Jan 24, 2022
View reviewed changes
Copy link
Collaborator

@jgrandja jgrandja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @gmazza. Please see review comments.

@gmazza gmazza requested a review from jgrandja February 15, 2022 16:15
@jgrandja jgrandja added this to the 0.2.3 milestone Feb 17, 2022
@jgrandja jgrandja closed this in 8b32ace Feb 17, 2022
@jgrandja
Copy link
Collaborator

jgrandja commented Feb 17, 2022

Apologies for the delay @gmazza and thanks for the updates! This is now merged to main.

doba16 pushed a commit to doba16/spring-authorization-server that referenced this pull request Apr 21, 2023
@gmazza @jgrandja
Add Assert.notNull() for AuthenticationProvider additions
8a43c60 
Closes spring-projectsgh-530
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jgrandja jgrandja Awaiting requested review from jgrandja

Assignees

@jgrandja jgrandja

Labels

type: enhancement A general enhancement

Projects

None yet

Milestone

0.2.3

Development

Successfully merging this pull request may close these issues.

3 participants

@gmazza @jgrandja @spring-projects-issues