Fix claims NPE (#2725)
* fix: npe when current claims is null eror was Object.getClass()" because "current" is null * style: fix
This commit is contained in:
committed by
GitHub
parent
811b163d22
commit
98b4fdc8f7
@@ -61,7 +61,7 @@ import org.springframework.security.web.session.SessionManagementFilter;
|
|||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableConfigurationProperties({HawkbitSecurityProperties.class, OidcProperties.class})
|
@EnableConfigurationProperties({ HawkbitSecurityProperties.class, OidcProperties.class })
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class MgmtSecurityConfiguration {
|
public class MgmtSecurityConfiguration {
|
||||||
|
|
||||||
@@ -103,23 +103,20 @@ public class MgmtSecurityConfiguration {
|
|||||||
@Order(350)
|
@Order(350)
|
||||||
SecurityFilterChain filterChainREST(
|
SecurityFilterChain filterChainREST(
|
||||||
final HttpSecurity http,
|
final HttpSecurity http,
|
||||||
@Autowired(required = false)
|
@Autowired(required = false) @Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
|
||||||
@Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
|
|
||||||
// called just before build of the SecurityFilterChain.
|
// called just before build of the SecurityFilterChain.
|
||||||
// could be used for instance to set authentication provider
|
// could be used for instance to set authentication provider
|
||||||
// Note: implementation of the customizer shall always take in account what is the already set by the hawkBit
|
// Note: implementation of the customizer shall always take in account what is the already set by the hawkBit
|
||||||
@Autowired(required = false)
|
@Autowired(required = false) @Qualifier("hawkbitHttpSecurityCustomizer") final Customizer<HttpSecurity> httpSecurityCustomizer,
|
||||||
@Qualifier("hawkbitHttpSecurityCustomizer") final Customizer<HttpSecurity> httpSecurityCustomizer,
|
|
||||||
final SystemManagement systemManagement,
|
final SystemManagement systemManagement,
|
||||||
final SystemSecurityContext systemSecurityContext) throws Exception {
|
final SystemSecurityContext systemSecurityContext) throws Exception {
|
||||||
http
|
http
|
||||||
.securityMatcher(MgmtRestConstants.BASE_REST_MAPPING + "/**", MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
.securityMatcher(MgmtRestConstants.BASE_REST_MAPPING + "/**", MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
||||||
.authorizeHttpRequests(amrmRegistry ->
|
.authorizeHttpRequests(amrmRegistry -> amrmRegistry
|
||||||
amrmRegistry
|
.requestMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
||||||
.requestMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
|
||||||
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
|
.anyRequest()
|
||||||
.anyRequest()
|
.authenticated())
|
||||||
.authenticated())
|
|
||||||
.anonymous(AbstractHttpConfigurer::disable)
|
.anonymous(AbstractHttpConfigurer::disable)
|
||||||
.csrf(AbstractHttpConfigurer::disable)
|
.csrf(AbstractHttpConfigurer::disable)
|
||||||
.addFilterAfter(
|
.addFilterAfter(
|
||||||
@@ -178,7 +175,7 @@ public class MgmtSecurityConfiguration {
|
|||||||
final String tenant = tenantClaim == null ? "DEFAULT" : followPathInJwtClaims(jwt, tenantClaim, String.class);
|
final String tenant = tenantClaim == null ? "DEFAULT" : followPathInJwtClaims(jwt, tenantClaim, String.class);
|
||||||
final Collection<GrantedAuthority> authorities = Optional
|
final Collection<GrantedAuthority> authorities = Optional
|
||||||
.ofNullable(followPathInJwtClaims(jwt, rolesClaim, Collection.class))
|
.ofNullable(followPathInJwtClaims(jwt, rolesClaim, Collection.class))
|
||||||
.map(resourceRoles -> ((Collection<String>)resourceRoles).stream()
|
.map(resourceRoles -> ((Collection<String>) resourceRoles).stream()
|
||||||
.distinct()
|
.distinct()
|
||||||
.map(SimpleGrantedAuthority::new)
|
.map(SimpleGrantedAuthority::new)
|
||||||
.map(GrantedAuthority.class::cast)
|
.map(GrantedAuthority.class::cast)
|
||||||
@@ -192,6 +189,9 @@ public class MgmtSecurityConfiguration {
|
|||||||
private static <T> T followPathInJwtClaims(final Jwt jwt, final String path, final Class<T> clazz) {
|
private static <T> T followPathInJwtClaims(final Jwt jwt, final String path, final Class<T> clazz) {
|
||||||
final String[] chunks = path.split("\\.");
|
final String[] chunks = path.split("\\.");
|
||||||
Object current = jwt.getClaims();
|
Object current = jwt.getClaims();
|
||||||
|
if (current == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
for (final String chunk : chunks) {
|
for (final String chunk : chunks) {
|
||||||
if (current instanceof Map<?, ?> map) {
|
if (current instanceof Map<?, ?> map) {
|
||||||
current = map.get(chunk);
|
current = map.get(chunk);
|
||||||
@@ -208,7 +208,7 @@ public class MgmtSecurityConfiguration {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return (T)current;
|
return (T) current;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Getter
|
@Getter
|
||||||
|
|||||||
Reference in New Issue
Block a user