Fix claims NPE (#2725)

* fix: npe when current claims is null

eror was Object.getClass()" because "current" is null

* style: fix
This commit is contained in:
Florian BEZANNIER
2025-10-15 13:22:42 +02:00
committed by GitHub
parent 811b163d22
commit 98b4fdc8f7

View File

@@ -103,19 +103,16 @@ public class MgmtSecurityConfiguration {
@Order(350) @Order(350)
SecurityFilterChain filterChainREST( SecurityFilterChain filterChainREST(
final HttpSecurity http, final HttpSecurity http,
@Autowired(required = false) @Autowired(required = false) @Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
@Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
// called just before build of the SecurityFilterChain. // called just before build of the SecurityFilterChain.
// could be used for instance to set authentication provider // could be used for instance to set authentication provider
// Note: implementation of the customizer shall always take in account what is the already set by the hawkBit // Note: implementation of the customizer shall always take in account what is the already set by the hawkBit
@Autowired(required = false) @Autowired(required = false) @Qualifier("hawkbitHttpSecurityCustomizer") final Customizer<HttpSecurity> httpSecurityCustomizer,
@Qualifier("hawkbitHttpSecurityCustomizer") final Customizer<HttpSecurity> httpSecurityCustomizer,
final SystemManagement systemManagement, final SystemManagement systemManagement,
final SystemSecurityContext systemSecurityContext) throws Exception { final SystemSecurityContext systemSecurityContext) throws Exception {
http http
.securityMatcher(MgmtRestConstants.BASE_REST_MAPPING + "/**", MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**") .securityMatcher(MgmtRestConstants.BASE_REST_MAPPING + "/**", MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
.authorizeHttpRequests(amrmRegistry -> .authorizeHttpRequests(amrmRegistry -> amrmRegistry
amrmRegistry
.requestMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**") .requestMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN) .hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
.anyRequest() .anyRequest()
@@ -192,6 +189,9 @@ public class MgmtSecurityConfiguration {
private static <T> T followPathInJwtClaims(final Jwt jwt, final String path, final Class<T> clazz) { private static <T> T followPathInJwtClaims(final Jwt jwt, final String path, final Class<T> clazz) {
final String[] chunks = path.split("\\."); final String[] chunks = path.split("\\.");
Object current = jwt.getClaims(); Object current = jwt.getClaims();
if (current == null) {
return null;
}
for (final String chunk : chunks) { for (final String chunk : chunks) {
if (current instanceof Map<?, ?> map) { if (current instanceof Map<?, ?> map) {
current = map.get(chunk); current = map.get(chunk);