Skip to content

Commit 1116241

Browse files
committed
Fix Checks for NullPointerException in AuthoritiesAuthorizationManager
- Fix checkstyle - Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue Closes gh-18544 Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
1 parent d87dc9a commit 1116241

1 file changed

Lines changed: 10 additions & 4 deletions

File tree

core/src/test/java/org/springframework/security/authorization/AuthoritiesAuthorizationManagerTests.java

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,12 @@
1414
* limitations under the License.
1515
*/
1616

17-
1817
package org.springframework.security.authorization;
1918

2019
import java.util.Arrays;
2120
import java.util.Collection;
2221
import java.util.Collections;
22+
import java.util.Set;
2323
import java.util.function.Supplier;
2424

2525
import org.junit.jupiter.api.Test;
@@ -32,6 +32,7 @@
3232

3333
import static org.assertj.core.api.Assertions.assertThat;
3434
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
35+
import static org.assertj.core.api.Assertions.assertThatNullPointerException;
3536

3637
/**
3738
* Tests for {@link AuthoritiesAuthorizationManager}.
@@ -45,7 +46,7 @@ class AuthoritiesAuthorizationManagerTests {
4546
void setRoleHierarchyWhenNullThenIllegalArgumentException() {
4647
AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager();
4748
assertThatIllegalArgumentException().isThrownBy(() -> manager.setRoleHierarchy(null))
48-
.withMessage("roleHierarchy cannot be null");
49+
.withMessage("roleHierarchy cannot be null");
4950
}
5051

5152
@Test
@@ -88,14 +89,19 @@ void checkWhenRoleHierarchySetThenGreaterRoleTakesPrecedence() {
8889
}
8990

9091
@Test
92+
// gh-18543
9193
void authorizeWhenAuthorityIsNullThenDoesNotThrowNullPointerException() {
9294
AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager();
9395

9496
Authentication authentication = new TestingAuthenticationToken("user", "password",
9597
Collections.singletonList(() -> null));
9698

97-
Collection<String> authorities = Collections.singleton("ROLE_USER");
99+
Collection<String> authoritiesContainsThrowsNPE = Set.of("ROLE_USER");
98100

99-
assertThat(manager.authorize(() -> authentication, authorities).isGranted()).isFalse();
101+
// must be Collection that throws NPE when .contains(null) is invoked
102+
// to replicate the issue in gh-18543
103+
assertThatNullPointerException().isThrownBy(() -> authoritiesContainsThrowsNPE.contains(null));
104+
assertThat(manager.authorize(() -> authentication, authoritiesContainsThrowsNPE).isGranted()).isFalse();
100105
}
106+
101107
}

0 commit comments

Comments
 (0)