Fix claims NPE (#2725)
* fix: npe when current claims is null eror was Object.getClass()" because "current" is null * style: fix
This commit is contained in:
committed by
GitHub
parent
811b163d22
commit
98b4fdc8f7
@@ -103,19 +103,16 @@ public class MgmtSecurityConfiguration {
|
|||||||
@Order(350)
|
@Order(350)
|
||||||
SecurityFilterChain filterChainREST(
|
SecurityFilterChain filterChainREST(
|
||||||
final HttpSecurity http,
|
final HttpSecurity http,
|
||||||
@Autowired(required = false)
|
@Autowired(required = false) @Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
|
||||||
@Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
|
|
||||||
// called just before build of the SecurityFilterChain.
|
// called just before build of the SecurityFilterChain.
|
||||||
// could be used for instance to set authentication provider
|
// could be used for instance to set authentication provider
|
||||||
// Note: implementation of the customizer shall always take in account what is the already set by the hawkBit
|
// Note: implementation of the customizer shall always take in account what is the already set by the hawkBit
|
||||||
@Autowired(required = false)
|
@Autowired(required = false) @Qualifier("hawkbitHttpSecurityCustomizer") final Customizer<HttpSecurity> httpSecurityCustomizer,
|
||||||
@Qualifier("hawkbitHttpSecurityCustomizer") final Customizer<HttpSecurity> httpSecurityCustomizer,
|
|
||||||
final SystemManagement systemManagement,
|
final SystemManagement systemManagement,
|
||||||
final SystemSecurityContext systemSecurityContext) throws Exception {
|
final SystemSecurityContext systemSecurityContext) throws Exception {
|
||||||
http
|
http
|
||||||
.securityMatcher(MgmtRestConstants.BASE_REST_MAPPING + "/**", MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
.securityMatcher(MgmtRestConstants.BASE_REST_MAPPING + "/**", MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
||||||
.authorizeHttpRequests(amrmRegistry ->
|
.authorizeHttpRequests(amrmRegistry -> amrmRegistry
|
||||||
amrmRegistry
|
|
||||||
.requestMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
.requestMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
||||||
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
|
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
|
||||||
.anyRequest()
|
.anyRequest()
|
||||||
@@ -192,6 +189,9 @@ public class MgmtSecurityConfiguration {
|
|||||||
private static <T> T followPathInJwtClaims(final Jwt jwt, final String path, final Class<T> clazz) {
|
private static <T> T followPathInJwtClaims(final Jwt jwt, final String path, final Class<T> clazz) {
|
||||||
final String[] chunks = path.split("\\.");
|
final String[] chunks = path.split("\\.");
|
||||||
Object current = jwt.getClaims();
|
Object current = jwt.getClaims();
|
||||||
|
if (current == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
for (final String chunk : chunks) {
|
for (final String chunk : chunks) {
|
||||||
if (current instanceof Map<?, ?> map) {
|
if (current instanceof Map<?, ?> map) {
|
||||||
current = map.get(chunk);
|
current = map.get(chunk);
|
||||||
|
|||||||
Reference in New Issue
Block a user