Skip to content

Commit

Permalink
fix(auth): handling NPE on login (#1655)
Browse files Browse the repository at this point in the history
relate to #1640
  • Loading branch information
AlexisSouquiere authored Jan 24, 2024
1 parent 53af3a3 commit 879cb91
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
8 changes: 7 additions & 1 deletion src/main/java/org/akhq/controllers/AbstractController.java
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,13 @@ protected List<Group> getUserGroups() {
return List.of();
}

List<Group> groupBindings = AKHQSecurityRule.decompressGroups(authentication.get()).values()
var groups = AKHQSecurityRule.decompressGroups(authentication.get());

if (groups == null) {
return List.of();
}

List<Group> groupBindings = groups.values()
.stream()
.flatMap(Collection::stream)
.map(gb -> new ObjectMapper().convertValue(gb, Group.class))
Expand Down
6 changes: 3 additions & 3 deletions src/main/java/org/akhq/controllers/ErrorController.java
Original file line number Diff line number Diff line change
Expand Up @@ -84,10 +84,10 @@ private HttpResponse<?> renderExecption(HttpRequest<?> request, Exception e) {
public HttpResponse<?> error(HttpRequest<?> request, AuthorizationException e) throws URISyntaxException {
if (request.getUri().toString().startsWith("/api")) {
if (e.isForbidden()) {
if (request.getAttribute(HttpAttributes.ROUTE_INFO).isPresent() &&
((UriRouteMatch<?, ?>) request.getAttribute(HttpAttributes.ROUTE_INFO).get()).hasAnnotation(AKHQSecured.class)) {
if (request.getAttribute(HttpAttributes.ROUTE_MATCH).isPresent() &&
((UriRouteMatch<?, ?>) request.getAttribute(HttpAttributes.ROUTE_MATCH).get()).hasAnnotation(AKHQSecured.class)) {
AnnotationValue<AKHQSecured> annotation =
((UriRouteMatch<?, ?>) request.getAttribute(HttpAttributes.ROUTE_INFO).get()).getAnnotation(AKHQSecured.class);
((UriRouteMatch<?, ?>) request.getAttribute(HttpAttributes.ROUTE_MATCH).get()).getAnnotation(AKHQSecured.class);

return HttpResponse.status(HttpStatus.FORBIDDEN)
.body(new JsonError(String.format("Unauthorized: missing permission on resource %s and action %s",
Expand Down

0 comments on commit 879cb91

Please sign in to comment.