Skip to content

OAuth2AccessTokenInterceptor can handle Authentication Principal where principalName is null #1049

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
agileknight opened this issue Aug 19, 2024 · 1 comment · Fixed by #1050
Closed

OAuth2AccessTokenInterceptor can handle Authentication Principal where principalName is null #1049

agileknight opened this issue Aug 19, 2024 · 1 comment · Fixed by #1050
Assignees
@agileknight
Labels
bug Something isn't working
Milestone
4.1.4

Comments

@agileknight
Copy link
Contributor

agileknight commented Aug 19, 2024
edited by OlgaMaciaszek
Loading

Is your feature request related to a problem? Please describe.
When OAuth2AccessTokenInterceptor encounters an Authentication Principal where getName is null, it passes the null value on to the OAuth2AuthorizedClientManager, which in practice usually results in a runtime exception like principalName cannot be empty.

Describe the solution you'd like
The code already checks for a null principal an in that case passes ANONYMOUS_AUTHENTICATION. It appears to also make sense to pass ANONYMOUS_AUTHENTICATION for cases with a non-null principal but a null principal name.

Describe alternatives you've considered
Handling a null principal name downstream or upstream appears more complicated and it feels more natural to follow the current implementation of employing the ANONYMOUS_AUTHENTICATION placeholder for cases where the current authentication principal is not suitable.

Additional context
None
agileknight added a commit to agileknight/spring-cloud-openfeign that referenced this issue Aug 19, 2024
@agileknight
Authorize with anonymous principal if principal name is null
d92f7cd 
The authorizedClientManager.authorize method requires
a non-null principal name or it will usually throw
an exception in practice like "principalName cannot be empty".

Using the anonymous principal in this case like for
a null principal handles the situation more gracefully.

Fixes spring-cloud#1049
@agileknight agileknight mentioned this issue Aug 19, 2024
Merged
@OlgaMaciaszek OlgaMaciaszek added bug Something isn't working and removed waiting-for-triage labels Sep 4, 2024
@OlgaMaciaszek OlgaMaciaszek moved this to In Progress in 2024.0.0-M2 Sep 4, 2024
@OlgaMaciaszek OlgaMaciaszek added this to the 4.1.4 milestone Sep 4, 2024
@OlgaMaciaszek
Copy link
Collaborator

Hello @agileknight, thanks for reporting the issue. Makes sense.

@OlgaMaciaszek OlgaMaciaszek moved this to In Progress in 2023.0.3 Sep 4, 2024
@OlgaMaciaszek OlgaMaciaszek removed this from 2023.0.3 Sep 4, 2024
@OlgaMaciaszek OlgaMaciaszek moved this to In Progress in 2023.0.4 Sep 4, 2024
agileknight added a commit to agileknight/spring-cloud-openfeign that referenced this issue Sep 5, 2024
@agileknight
Authorize with anonymous principal if principal name is null
751040d 
The authorizedClientManager.authorize method requires
a non-null principal name or it will usually throw
an exception in practice like "principalName cannot be empty".

Using the anonymous principal in this case like for
a null principal handles the situation more gracefully.

Fixes spring-cloud#1049
agileknight added a commit to agileknight/spring-cloud-openfeign that referenced this issue Sep 5, 2024
@agileknight
Authorize with anonymous principal if principal name is null
8304aec 
The authorizedClientManager.authorize method requires
a non-null principal name or it will usually throw
an exception in practice like "principalName cannot be empty".

Using the anonymous principal in this case like for
a null principal handles the situation more gracefully.

Fixes spring-cloud#1049
agileknight added a commit to agileknight/spring-cloud-openfeign that referenced this issue Sep 5, 2024
@agileknight
Authorize with anonymous principal if principal name is null
ab8d462 
The authorizedClientManager.authorize method requires
a non-null principal name or it will usually throw
an exception in practice like "principalName cannot be empty".

Using the anonymous principal in this case like for
a null principal handles the situation more gracefully.

Fixes spring-cloud#1049
@github-project-automation github-project-automation bot moved this from In Progress to Done in 2024.0.0-M2 Sep 6, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in 2023.0.4 Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@agileknight agileknight

Labels
bug Something isn't working
Projects
No open projects
2023.0.4
Status: Done
2024.0.0-M2
Status: Done
Milestone
4.1.4
Development

Successfully merging a pull request may close this issue.

Authorize with anonymous principal if principal name is null agileknight/spring-cloud-openfeign
3 participants
@agileknight @OlgaMaciaszek @spring-cloud-issues