From 84e603e5d36f3021461bceddcb4edf53e60950a2 Mon Sep 17 00:00:00 2001
From: AlexisSouquiere
Date: Wed, 10 Jan 2024 10:33:42 +0100
Subject: [PATCH] Handling NPE on login
---
 .../java/org/akhq/controllers/AbstractController.java | 8 +++++++-
 src/main/java/org/akhq/controllers/ErrorController.java | 6 +++---
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/akhq/controllers/AbstractController.java b/src/main/java/org/akhq/controllers/AbstractController.java
index 6d00931d0..2346e9c34 100644
--- a/src/main/java/org/akhq/controllers/AbstractController.java
+++ b/src/main/java/org/akhq/controllers/AbstractController.java
@@ -50,7 +50,13 @@ protected List getUserGroups() {
 return List.of();
 }
 
- List groupBindings = AKHQSecurityRule.decompressGroups(authentication.get()).values()
+ var groups = AKHQSecurityRule.decompressGroups(authentication.get());
+
+ if (groups == null) {
+ return List.of();
+ }
+
+ List groupBindings = groups.values()
 .stream()
 .flatMap(Collection::stream)
 .map(gb -> new ObjectMapper().convertValue(gb, Group.class))
diff --git a/src/main/java/org/akhq/controllers/ErrorController.java b/src/main/java/org/akhq/controllers/ErrorController.java
index 056f09cd2..cc43bfb57 100644
--- a/src/main/java/org/akhq/controllers/ErrorController.java
+++ b/src/main/java/org/akhq/controllers/ErrorController.java
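Review bot: The new `if (groups == null)` guard in `getUserGroups()` (AbstractController.java) returns the same empty list as the early return just above it, so an authentication whose groups could not be decoded becomes indistinguishable from that earlier case and nothing is logged. Whether an empty list means "no permissions" for every consumer cannot be confirmed from this hunk; if it does, state it on the guard, e.g. `// decompressGroups returned null: no group bindings, so no permissions are granted`, and consider a debug-level log there. The null itself comes from `AKHQSecurityRule.decompressGroups`, so any other caller would presumably still dereference it; returning an empty map from that method would cover them in one place. The body of `getUserGroups()` starts before and continues after this hunk.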
@@ -84,10 +84,10 @@ private HttpResponse renderExecption(HttpRequest request, Exception e) {
 public HttpResponse error(HttpRequest request, AuthorizationException e) throws URISyntaxException {
 if (request.getUri().toString().startsWith("/api")) {
 if (e.isForbidden()) {
- if (request.getAttribute(HttpAttributes.ROUTE_INFO).isPresent() &&
- ((UriRouteMatch) request.getAttribute(HttpAttributes.ROUTE_INFO).get()).hasAnnotation(AKHQSecured.class)) {
+ if (request.getAttribute(HttpAttributes.ROUTE_MATCH).isPresent() &&
+ ((UriRouteMatch) request.getAttribute(HttpAttributes.ROUTE_MATCH).get()).hasAnnotation(AKHQSecured.class)) {
 AnnotationValue annotation =
- ((UriRouteMatch) request.getAttribute(HttpAttributes.ROUTE_INFO).get()).getAnnotation(AKHQSecured.class);
+ ((UriRouteMatch) request.getAttribute(HttpAttributes.ROUTE_MATCH).get()).getAnnotation(AKHQSecured.class);
 return HttpResponse.status(HttpStatus.FORBIDDEN)
 .body(new JsonError(String.format("Unauthorized: missing permission on resource %s and action %s",