Fix NullPointerException

tristanexsquare · jzheaux · commit 580b988e7f76 · 2021-01-21T16:22:29.000-07:00
- Caused by a malformed WWW-Authenticate value Closes gh-9364
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -70,6 +70,9 @@ private OAuth2Error readErrorFromWwwAuthenticate(HttpHeaders headers) {
 			return null;
 		}
 		BearerTokenError bearerTokenError = getBearerToken(wwwAuthenticateHeader);
+		if (bearerTokenError == null) {
+			return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null);
+		}
 		String errorCode = (bearerTokenError.getCode() != null) ? bearerTokenError.getCode()
 				: OAuth2ErrorCodes.SERVER_ERROR;
 		String errorDescription = bearerTokenError.getDescription();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -58,4 +58,13 @@ public void handleErrorWhenErrorResponseWwwAuthenticateHeaderThenHandled() {
 				.withMessage("[insufficient_scope] The access token expired");
 	}
 
+	@Test
+	public void handleErrorWhenErrorResponseWithInvalidWwwAuthenticateHeaderThenHandled() {
+		String invalidWwwAuthenticateHeader = "Unauthorized";
+		MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST);
+		response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, invalidWwwAuthenticateHeader);
+		assertThatExceptionOfType(OAuth2AuthorizationException.class)
+				.isThrownBy(() -> this.errorHandler.handleError(response)).withMessage("[server_error] ");
+	}
+
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2018 the original author or authors.`
	`2`	`+ * Copyright 2002-2021 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -58,4 +58,13 @@ public void handleErrorWhenErrorResponseWwwAuthenticateHeaderThenHandled() {`
`58`	`58`	`.withMessage("[insufficient_scope] The access token expired");`
`59`	`59`	`}`
`60`	`60`
	`61`	`+ @Test`
	`62`	`+ public void handleErrorWhenErrorResponseWithInvalidWwwAuthenticateHeaderThenHandled() {`
	`63`	`+ String invalidWwwAuthenticateHeader = "Unauthorized";`
	`64`	`+ MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST);`
	`65`	`+ response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, invalidWwwAuthenticateHeader);`
	`66`	`+ assertThatExceptionOfType(OAuth2AuthorizationException.class)`
	`67`	`+ .isThrownBy(() -> this.errorHandler.handleError(response)).withMessage("[server_error] ");`
	`68`	`+ }`
	`69`	`+`
`61`	`70`	`}`