Skip to content

Commit 442facc

Browse files
marckchrjzheaux
marckchr
authored and
jzheaux
committed
Avoid NPE in FilterInvocation
Handle unknown headers in dummy request wrapper. Closes gh-12998
1 parent e251178 commit 442facc

File tree

2 files changed

+28
-1
lines changed

2 files changed

+28
-1
lines changed

web/src/main/java/org/springframework/security/web/FilterInvocation.java

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
import java.util.Collections;
2727
import java.util.Enumeration;
2828
import java.util.LinkedHashMap;
29+
import java.util.List;
2930
import java.util.Map;
3031

3132
import javax.servlet.FilterChain;
@@ -257,7 +258,11 @@ public String getHeader(String name) {
257258

258259
@Override
259260
public Enumeration<String> getHeaders(String name) {
260-
return Collections.enumeration(this.headers.get(name));
261+
List<String> headerList = this.headers.get(name);
262+
if (headerList == null) {
263+
return Collections.emptyEnumeration();
264+
}
265+
return Collections.enumeration(headerList);
261266
}
262267

263268
@Override

web/src/test/java/org/springframework/security/web/FilterInvocationTests.java

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,9 @@
1616

1717
package org.springframework.security.web;
1818

19+
import java.util.Enumeration;
20+
import java.util.NoSuchElementException;
21+
1922
import javax.servlet.FilterChain;
2023
import javax.servlet.http.HttpServletRequest;
2124
import javax.servlet.http.HttpServletResponse;
@@ -142,4 +145,23 @@ public void constructorWhenServletContextProvidedThenSetServletContextInRequest(
142145
assertThat(filterInvocation.getRequest().getServletContext()).isSameAs(mockServletContext);
143146
}
144147

148+
@Test
149+
public void testDummyRequestGetHeaders() {
150+
DummyRequest request = new DummyRequest();
151+
request.addHeader("known", "val");
152+
Enumeration<String> headers = request.getHeaders("known");
153+
assertThat(headers.hasMoreElements()).isTrue();
154+
assertThat(headers.nextElement()).isEqualTo("val");
155+
assertThat(headers.hasMoreElements()).isFalse();
156+
assertThatExceptionOfType(NoSuchElementException.class).isThrownBy(headers::nextElement);
157+
}
158+
159+
@Test
160+
public void testDummyRequestGetHeadersNull() {
161+
DummyRequest request = new DummyRequest();
162+
Enumeration<String> headers = request.getHeaders("unknown");
163+
assertThat(headers.hasMoreElements()).isFalse();
164+
assertThatExceptionOfType(NoSuchElementException.class).isThrownBy(headers::nextElement);
165+
}
166+
145167
}

0 commit comments

Comments
 (0)