Check for null Authentication

Closes gh-14715

Author: marcusdacoregio

core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java

@@ -57,7 +57,7 @@ public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 	private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
 
 	private boolean isFullyAuthenticated(Authentication authentication) {
-		return (!this.authenticationTrustResolver.isAnonymous(authentication)
+		return authentication != null && (!this.authenticationTrustResolver.isAnonymous(authentication)
 				&& !this.authenticationTrustResolver.isRememberMe(authentication));
 	}
 

core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java

@@ -59,6 +59,7 @@ public void testAnonymousWorks() {
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createAnonymous(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createRememberMe(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
 	}
 
 	@Test
@@ -68,6 +69,7 @@ public void testFullyWorks() {
 		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createAnonymous(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createRememberMe(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
 	}
 
 	@Test
@@ -77,6 +79,7 @@ public void testRememberMeWorks() {
 		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(createAnonymous(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createRememberMe(), null, def));
 		assertThat(AccessDecisionVoter.ACCESS_GRANTED).isEqualTo(voter.vote(createFullyAuthenticated(), null, def));
+		assertThat(AccessDecisionVoter.ACCESS_DENIED).isEqualTo(voter.vote(null, null, def));
 	}
 
 	@Test