Add null check for authentication token in JwtAuthenticationProvider #17251


chanbinme
Contributor

@chanbinme chanbinme commented Jun 15, 2025

Summary

Add Assert.notNull validation in JwtAuthenticationProvider.authenticate() to ensure the authentication token returned by jwtAuthenticationConverter is not null.

Problem

While the JwtAuthenticationConverter.convert() method typically returns a valid AbstractAuthenticationToken, there's no explicit null check before accessing the token's properties. This could potentially lead to a NullPointerException if:

  • Custom converter implementations return null
  • Unexpected edge cases occur during token conversion
  • External factors affect the conversion process

Changes

  • Added Assert.notNull(token, "token cannot be null") validation
  • Added comprehensive test to verify the null check behavior

Testing

  • New test passes and verifies proper exception handling
  • All existing tests continue to pass
  • No breaking changes to existing functionality
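
The failure mode described in this pull request, as an added example that is not code from the PR or from Spring Security itself: a custom converter that returns null beside one that fails closed. It assumes spring-security-oauth2-resource-server and spring-security-oauth2-jose are on the classpath; the "tenant" claim, the class name and the token value are hypothetical.

```java
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

public class NullConverterDemo {

    // Constructed JWT that lacks the hypothetical "tenant" claim.
    static final Jwt JWT = Jwt.withTokenValue("constructed-token")
            .header("alg", "none").subject("alice").build();

    // Custom converter that returns null when the claim is missing.
    // Converter.convert() is allowed to return null, so this compiles cleanly.
    static final Converter<Jwt, AbstractAuthenticationToken> RETURNS_NULL = jwt ->
            jwt.hasClaim("tenant") ? new JwtAuthenticationToken(jwt, AuthorityUtils.NO_AUTHORITIES) : null;

    // Same rule, but the converter rejects the token itself instead of returning null.
    static final Converter<Jwt, AbstractAuthenticationToken> FAILS_CLOSED = jwt -> {
        if (!jwt.hasClaim("tenant")) {
            throw new InvalidBearerTokenException("missing tenant claim");
        }
        return new JwtAuthenticationToken(jwt, AuthorityUtils.NO_AUTHORITIES);
    };

    // Runs one authentication attempt and reports how it ended.
    static String outcome(Converter<Jwt, AbstractAuthenticationToken> converter) {
        JwtDecoder decoder = token -> JWT; // stub decoder: always yields the constructed JWT
        JwtAuthenticationProvider provider = new JwtAuthenticationProvider(decoder);
        provider.setJwtAuthenticationConverter(converter);
        try {
            provider.authenticate(new BearerTokenAuthenticationToken("constructed-token"));
            return "authenticated";
        } catch (RuntimeException ex) {
            return ex.getClass().getSimpleName() + ": " + ex.getMessage();
        }
    }

    public static void main(String[] args) {
        // With the Assert.notNull check from this PR, the first line names the null token explicitly.
        System.out.println("returns null -> " + outcome(RETURNS_NULL));
        System.out.println("fails closed -> " + outcome(FAILS_CLOSED));
    }
}
```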

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 15, 2025
@rwinch rwinch self-assigned this Jun 17, 2025
chanbinme and others added 2 commits June 17, 2025 13:18
Add Assert.notNull validation to ensure the authentication token returned by jwtAuthenticationConverter is not null, preventing potential NullPointerException in subsequent operations.

Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
@rwinch rwinch force-pushed the add-null-check-jwt-authentication-provider branch from a258ada to d2f89bb Compare June 17, 2025 18:20
@rwinch rwinch added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 17, 2025
@rwinch rwinch added this to the 7.0.0-M1 milestone Jun 17, 2025
@rwinch
Member

rwinch commented Jun 17, 2025

Thank you for the pull request @chanbinme! I've pushed a fix to the checkstyle and as soon as this build finishes, this will automatically be merged.

In the future, you can catch any errors using ./gradlew format && ./gradlew check as outlined in CONTRIBUTING

@rwinch rwinch enabled auto-merge (rebase) June 17, 2025 18:23
@rwinch rwinch merged commit 18010f9 into spring-projects:main Jun 17, 2025
6 checks passed
@chanbinme
Contributor Author

Thank you so much for fixing the checkstyle issue and for the helpful guidance, @rwinch! I'll make sure to use ./gradlew format && ./gradlew check before submitting future PRs. Really appreciate your time and support! 🙏
