Auth / Avoid NPE.

geonetwork · Nov 10, 2020 · f532e67 · f532e67
1 parent ac02396
commit f532e67
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 8 deletions.
diff --git a/.../common-security/src/main/java/org/fao/geonet/common/GnUserAuthentificationConverter.java b/.../common-security/src/main/java/org/fao/geonet/common/GnUserAuthentificationConverter.java
@@ -45,10 +45,14 @@ public Authentication extractAuthentication(Map<String, ?> map) {
   }
 
   private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ?> map) {
-    return ((Map<String, Object>) map.get("authorities")).values().stream()
-        .map(attributes -> (Map<String, Object>) attributes)
-        .map(attributes ->
-            new OAuth2UserAuthority((String) attributes.get("groupName"), attributes))
-        .collect(Collectors.toList());
+    if (map.containsKey("authorities")) {
+      return ((Map<String, Object>) map.get("authorities")).values().stream()
+          .map(attributes -> (Map<String, Object>) attributes)
+          .map(attributes ->
+              new OAuth2UserAuthority((String) attributes.get("groupName"), attributes))
+          .collect(Collectors.toList());
+    } else {
+      return null;
+    }
   }
 }
diff --git a/...searching/src/main/java/org/fao/geonet/searching/controller/SecurityTesterController.java b/...searching/src/main/java/org/fao/geonet/searching/controller/SecurityTesterController.java
@@ -6,7 +6,9 @@
 package org.fao.geonet.searching.controller;
 
 import java.security.Principal;
+import java.util.Optional;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -25,10 +27,12 @@ public String search(
       Authentication authentication,
       OAuth2Authentication oauth2Authentication,
       Principal principal) {
+    Optional<GrantedAuthority> authority =
+        oauth2Authentication.getAuthorities()
+            .stream().findFirst();
     return String.format(
-        "Search service called. You are authenticated as %s",
+        "Search service called. You are authenticated as %s. Authorities: %s",
         name,
-        oauth2Authentication.getAuthorities()
-            .stream().findFirst().get().getAuthority());
+        authority.isPresent() ? authority.get().getAuthority() : "");
   }
 }