Mercateo / spring-security-jwt

JWT support for spring-security
Apache License 2.0

Fixing NPE, introduced logging #32

Open JoergAdler opened 3 years ago

JoergAdler commented 3 years ago

We were facing the following NPE:

java.lang.NullPointerException: value
    at java.util.Objects.requireNonNull(Objects.java:228)
    at com.mercateo.spring.security.jwt.token.claim.JWTClaim$Builder.value(JWTClaim.java:440)
    at com.mercateo.spring.security.jwt.token.extractor.HierarchicalClaimsExtractor.lambda$extractClaims$1(HierarchicalClaimsExtractor.java:86)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.collection.Stream.map(Stream.java:1221)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.collection.Stream.lambda$map$9(Stream.java:1221)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.Lazy.computeValue(Lazy.java:161)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.Lazy.get(Lazy.java:155)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.collection.StreamModule$ConsImpl.tail(Stream.java:1924)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.collection.StreamModule$StreamIterator.hasNext(Stream.java:2132)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.collection.List.ofAll(List.java:269)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.ValueModule.toTraversable(Value.java:1528)
    at com.mercateo.spring.security.jwt.relocated.io.vavr.Value.toList(Value.java:1060)
    at com.mercateo.spring.security.jwt.token.extractor.HierarchicalClaimsExtractor.extractClaims(HierarchicalClaimsExtractor.java:91)
    at com.mercateo.spring.security.jwt.token.extractor.HierarchicalClaimsExtractor.extractClaims(HierarchicalClaimsExtractor.java:69)
    at com.mercateo.spring.security.jwt.token.extractor.ValidatingHierarchicalClaimsExtractor.extractClaims(ValidatingHierarchicalClaimsExtractor.java:67)
    at com.mercateo.spring.security.jwt.security.JWTAuthenticationProvider.retrieveUser(JWTAuthenticationProvider.java:63)
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:133)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)

My assumption is that we have a claim which is explicitly set to null.

To see if that assumption is correct I have done the following:

JoergAdler commented 3 years ago

We identified the problem with local debugging. It was that long values cannot be deserialized. Added it to that pull request.