Skip to content

Commit 30a1c1a

Browse files
Fabio Guencijzheaux
Fabio Guenci
authored and
jzheaux
committed
Preserve Null Claim Values
Prior to this commit ClaimTypeConverter returned the claims with the original value for all the claims with a null converted value. The changes allows ClaimTypeConverter to overwrite and return claims with converted value of null. Closes gh-10135
1 parent 6f3e346 commit 30a1c1a

File tree

3 files changed

+18
-5
lines changed

3 files changed

+18
-5
lines changed

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverter.java

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2019 the original author or authors.
2+
* Copyright 2002-2021 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -56,10 +56,7 @@ public Map<String, Object> convert(Map<String, Object> claims) {
5656
this.claimTypeConverters.forEach((claimName, typeConverter) -> {
5757
if (claims.containsKey(claimName)) {
5858
Object claim = claims.get(claimName);
59-
Object mappedClaim = typeConverter.convert(claim);
60-
if (mappedClaim != null) {
61-
result.put(claimName, mappedClaim);
62-
}
59+
result.put(claimName, typeConverter.convert(claim));
6360
}
6461
});
6562
return result;

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/converter/ClaimTypeConverterTests.java

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,8 @@ public class ClaimTypeConverterTests {
6262

6363
private static final String JSON_OBJECT_CLAIM = "json-object-claim";
6464

65+
private static final String NULL_OBJECT_CLAIM = "null-object-claim";
66+
6567
private ClaimTypeConverter claimTypeConverter;
6668

6769
@BeforeEach
@@ -77,6 +79,7 @@ public void setup() {
7779
TypeDescriptor.collection(List.class, TypeDescriptor.valueOf(String.class)));
7880
Converter<Object, ?> mapStringObjectConverter = getConverter(TypeDescriptor.map(Map.class,
7981
TypeDescriptor.valueOf(String.class), TypeDescriptor.valueOf(Object.class)));
82+
Converter<Object, ?> nullConverter = (value) -> null;
8083
Map<String, Converter<Object, ?>> claimTypeConverters = new HashMap<>();
8184
claimTypeConverters.put(STRING_CLAIM, stringConverter);
8285
claimTypeConverters.put(BOOLEAN_CLAIM, booleanConverter);
@@ -85,6 +88,7 @@ public void setup() {
8588
claimTypeConverters.put(COLLECTION_STRING_CLAIM, collectionStringConverter);
8689
claimTypeConverters.put(LIST_STRING_CLAIM, listStringConverter);
8790
claimTypeConverters.put(MAP_STRING_OBJECT_CLAIM, mapStringObjectConverter);
91+
claimTypeConverters.put(NULL_OBJECT_CLAIM, nullConverter);
8892
this.claimTypeConverter = new ClaimTypeConverter(claimTypeConverters);
8993
}
9094

@@ -138,6 +142,7 @@ public void convertWhenAllClaimsRequireConversionThenConvertAll() throws Excepti
138142
claims.put(MAP_STRING_OBJECT_CLAIM, mapIntegerObject);
139143
claims.put(JSON_ARRAY_CLAIM, jsonArray);
140144
claims.put(JSON_OBJECT_CLAIM, jsonObject);
145+
claims.put(NULL_OBJECT_CLAIM, instant.toString());
141146
claims = this.claimTypeConverter.convert(claims);
142147
assertThat(claims.get(STRING_CLAIM)).isEqualTo("true");
143148
assertThat(claims.get(BOOLEAN_CLAIM)).isEqualTo(Boolean.TRUE);
@@ -148,6 +153,7 @@ public void convertWhenAllClaimsRequireConversionThenConvertAll() throws Excepti
148153
assertThat(claims.get(MAP_STRING_OBJECT_CLAIM)).isEqualTo(mapStringObject);
149154
assertThat(claims.get(JSON_ARRAY_CLAIM)).isEqualTo(jsonArrayListString);
150155
assertThat(claims.get(JSON_OBJECT_CLAIM)).isEqualTo(jsonObjectMap);
156+
assertThat(claims.get(NULL_OBJECT_CLAIM)).isNull();
151157
}
152158

153159
@Test

oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/MappedJwtClaimSetConverterTests.java

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -123,8 +123,18 @@ public void convertWhenUsingCustomConverterThenAllOtherDefaultsAreStillUsed() {
123123
assertThat(target.get(JwtClaimNames.SUB)).isEqualTo("1234");
124124
}
125125

126+
// gh-10135
126127
@Test
127128
public void convertWhenConverterReturnsNullThenClaimIsRemoved() {
129+
MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter
130+
.withDefaults(Collections.singletonMap(JwtClaimNames.NBF, (nbfClaimValue) -> null));
131+
Map<String, Object> source = Collections.singletonMap(JwtClaimNames.NBF, Instant.now());
132+
Map<String, Object> target = converter.convert(source);
133+
assertThat(target).doesNotContainKey(JwtClaimNames.NBF);
134+
}
135+
136+
@Test
137+
public void convertWhenClaimValueIsNullThenClaimIsRemoved() {
128138
MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
129139
Map<String, Object> source = Collections.singletonMap(JwtClaimNames.ISS, null);
130140
Map<String, Object> target = converter.convert(source);

0 commit comments

Comments
 (0)