Add null check for authentication token in JwtAuthenticationProvider

chanbinme · rwinch · commit 9cf563891419 · 2025-06-17T13:32:43.000-05:00
Add Assert.notNull validation to ensure the authentication token returned by jwtAuthenticationConverter is not null, preventing potential NullPointerException in subsequent operations.

Signed-off-by: chanbinme &lt;gksmfcksqls@gmail.com&gt;
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.java
@@ -87,6 +87,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 		BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
 		Jwt jwt = getJwt(bearer);
 		AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
+		Assert.notNull(token, "token cannot be null");
 		if (token.getDetails() == null) {
 			token.setDetails(bearer.getDetails());
 		}
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProviderTests.java
@@ -35,8 +35,7 @@
 import org.springframework.security.oauth2.jwt.TestJwts;
 import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.*;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
@@ -152,6 +151,19 @@ public void authenticateWhenConverterSetsAuthenticationDetailsThenProviderDoesNo
 		// @formatter:on
 	}
 
+	@Test
+	public void authenticateWhenConverterReturnsNullThenThrowException() {
+		BearerTokenAuthenticationToken token = this.authentication();
+		Jwt jwt = TestJwts.jwt().build();
+		given(this.jwtDecoder.decode("token")).willReturn(jwt);
+		given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(null);
+		// @formatter:off
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> this.provider.authenticate(token))
+				.withMessageContaining("token cannot be null");
+		// @formatter:on
+	}
+
 	@Test
 	public void supportsWhenBearerTokenAuthenticationTokenThenReturnsTrue() {
 		assertThat(this.provider.supports(BearerTokenAuthenticationToken.class)).isTrue();

Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,7 @@ public Authentication authenticate(Authentication authentication) throws Authent`
`87`	`87`	`BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;`
`88`	`88`	`Jwt jwt = getJwt(bearer);`
`89`	`89`	`AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);`
	`90`	`+ Assert.notNull(token, "token cannot be null");`
`90`	`91`	`if (token.getDetails() == null) {`
`91`	`92`	`token.setDetails(bearer.getDetails());`
`92`	`93`	`}`