Spring Security / SEC-1321

RoleVoter throws null pointer exception if Authentication object's granted authorities array is null

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.5
    • Fix Version/s: 3.0.0
    • Component/s: Core
    • Labels:
      None

      Description

      RoleVoter throws null pointer exception if Authentication object's granted authorities array is null.

      java.lang.NullPointerException
      at org.springframework.security.vote.RoleVoter.vote(RoleVoter.java:107)
      at org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:51)

      If a user doesn't have any roles, there is no point in passing it a 0-size array (memory inefficient), so RoleVoter should handle such a situation.

        Activity

        Luke Taylor added a comment -

        I'd prefer to tighten up the contract and disallow null values in the authentication object. The argument about memory doesn't really apply in 3.0, as a single empty collection can be shared throughout the entire application.

        Luke Taylor added a comment -

        See SEC-1325.

        This isn't actually a bug in any case, as the existing contract says that the authorities should only be null in the case where the token hasn't been authenticated.

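
An added illustration of the contract discussed in the comments above (not Spring Security code and not posted by either participant): a token whose authorities accessor never returns null, backed by one shared empty collection, so a role-prefix voter denies access instead of throwing. The class `NullAuthoritiesDemo`, the `Token` type, the `vote` method and the choice to normalise a null argument to the shared empty list are all assumptions made for this sketch.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

// Simplified stand-ins for illustration; these are not Spring Security classes.
public class NullAuthoritiesDemo {
    static final int ACCESS_GRANTED = 1, ACCESS_ABSTAIN = 0, ACCESS_DENIED = -1;
    // One immutable empty list shared by every token that has no roles.
    static final List<String> NO_AUTHORITIES = Collections.emptyList();

    static final class Token {
        private final Collection<String> authorities;

        Token(Collection<String> authorities) {
            if (authorities == null) {
                this.authorities = NO_AUTHORITIES; // normalise once, at construction
            } else {
                List<String> copy = new ArrayList<>(authorities);
                if (copy.contains(null)) {
                    throw new IllegalArgumentException("authorities must not contain null");
                }
                this.authorities = Collections.unmodifiableList(copy);
            }
        }

        Collection<String> getAuthorities() { return authorities; } // never null
    }

    // Abstains when no attribute carries the ROLE_ prefix; otherwise denies
    // unless one of the token's authorities equals a required attribute.
    static int vote(Token token, Collection<String> attributes) {
        int result = ACCESS_ABSTAIN;
        for (String attribute : attributes) {
            if (attribute != null && attribute.startsWith("ROLE_")) {
                result = ACCESS_DENIED;
                for (String authority : token.getAuthorities()) {
                    if (attribute.equals(authority)) return ACCESS_GRANTED;
                }
            }
        }
        return result;
    }

    public static void main(String[] args) {
        List<String> required = Arrays.asList("ROLE_ADMIN"); // constructed sample input
        System.out.println(vote(new Token(null), required));
        System.out.println(vote(new Token(Arrays.asList("ROLE_ADMIN")), required));
        System.out.println(new Token(null).getAuthorities() == NO_AUTHORITIES);
    }
}
```

A token built with no roles is denied by the voter (fail closed) rather than causing an exception in the access decision path, and every such token reuses the same empty list.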

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Adam Dyga