Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RequestAttributeSecurityContextRepository.loadContext(HttpServletRequest) should never return null SecurityContext #11606

Closed
marcusdacoregio opened this issue Jul 21, 2022 · 1 comment
Closed

RequestAttributeSecurityContextRepository.loadContext(HttpServletRequest) should never return null SecurityContext #11606

marcusdacoregio opened this issue Jul 21, 2022 · 1 comment
Assignees
@rwinch
Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Milestone
5.7.3

Comments

@marcusdacoregio
Copy link
Contributor

Describe the bug
Based on this comment, if the request attribute is null, an error is thrown from the strategy:

java.lang.IllegalArgumentException: A Supplier<SecurityContext> returned null and is not allowed.
	at org.springframework.util.Assert.notNull(Assert.java:201) ~[spring-core-6.0.0-M5.jar:6.0.0-M5]
	at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.lambda$setDeferredContext$2(ThreadLocalSecurityContextHolderStrategy.java:68) ~[spring-security-core-6.0.0-SNAPSHOT.jar:6.0.0-SNAPSHOT]
	at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.getContext(ThreadLocalSecurityContextHolderStrategy.java:43) ~[spring-security-core-6.0.0-SNAPSHOT.jar:6.0.0-SNAPSHOT]

Expected behavior
RequestAttributeSecurityContextRepository#loadContext(HttpServletRequest) should return an empty context if the request attribute is null.
@marcusdacoregio marcusdacoregio added in: web An issue in web modules (web, webmvc) type: bug A general bug labels Jul 21, 2022
@marcusdacoregio marcusdacoregio added this to the 5.7.3 milestone Jul 21, 2022
@marcusdacoregio marcusdacoregio mentioned this issue Jul 21, 2022
Closed
@rwinch rwinch changed the title RequestAttributeSecurityContextRepository fails when attribute is null RequestAttributeSecurityContextRepository.loadContext(HttpServletRequest) should never return null SecurityContext Aug 8, 2022
rwinch added a commit that referenced this issue Aug 8, 2022
@rwinch
RequestAttributeSecurityContextRepository never null SecurityContext
269c711 
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
@github-actions
Copy link
Contributor

github-actions bot commented Aug 8, 2022

Fixed via 269c711

@github-actions github-actions bot closed this as completed Aug 8, 2022
rwinch added a commit that referenced this issue Aug 8, 2022
@rwinch
RequestAttributeSecurityContextRepository never null SecurityContext
c9f8d2b 
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
rwinch added a commit that referenced this issue Aug 8, 2022
@rwinch
RequestAttributeSecurityContextRepository never null SecurityContext
c23324e 
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Projects
None yet
Milestone
5.7.3
Development

No branches or pull requests
2 participants
@rwinch @marcusdacoregio