Open jumarko opened 1 year ago
To work around the problem I added a null check here: https://github.com/jumarko/api-security-in-action/blob/chapter8/natter-api/src/main/java/com/manning/apisecurityinaction/controllers/UserController.java#L123
if (groups != null) { // TODO: this is needed because TokenController doesn't set "groups" request attribute yet
    for (var group : groups) {
        ...
After implementing the code for adding and checking groups from the opening of Chapter 8.1, my app is failing with this NPE:
This is because the code in the requirePermissions method doesn't account for the possibility of the request attribute "groups" not being present at all (null).
However, the implementation shown in the book only calls request.attribute("groups", ...) in UserController#authenticate. That method is solely used for Basic authentication though (it returns very early if non-basic auth is used). Since I'm using OAuth Token authentication (as implemented in chapter 7), it's failing for me. Did I miss something, or is it implemented later in the book? Or is it just not supposed to be used with token authentication at the moment?
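An added illustration of what the null guard implies for access decisions; it is not part of the original issue, the book, or the linked repository. Plain maps stand in for the request attributes and the permissions table, and the "subject" attribute name, the class and method names, and the sample grants are all assumptions made for this example.

```java
import java.util.*;

// Added illustration: plain maps stand in for request attributes and the
// permissions table; every name and grant below is constructed.
public class GroupPermissionCheck {

    // Constructed sample grants: principal (user or group id) -> permissions.
    static final Map<String, String> GRANTS = Map.of(
            "alice", "r",
            "engineers", "rw");

    // Read "groups" defensively: an absent attribute means "no groups",
    // never "skip the permission check".
    @SuppressWarnings("unchecked")
    static List<String> groupsOf(Map<String, Object> attrs) {
        Object value = attrs.get("groups");
        return value instanceof List ? (List<String>) value : List.of();
    }

    // Union of the permissions granted to the subject and to each of its groups.
    static Set<Character> effectivePerms(Map<String, Object> attrs) {
        Object subject = attrs.get("subject");
        if (subject == null) return Set.of(); // unauthenticated: nothing granted
        var principals = new ArrayList<String>();
        principals.add((String) subject);
        principals.addAll(groupsOf(attrs));
        var perms = new TreeSet<Character>();
        for (var p : principals)
            for (char c : GRANTS.getOrDefault(p, "").toCharArray()) perms.add(c);
        return perms;
    }

    static boolean allowed(Map<String, Object> attrs, String required) {
        var perms = effectivePerms(attrs);
        return required.chars().allMatch(c -> perms.contains((char) c));
    }

    public static void main(String[] args) {
        // Basic-auth path: both attributes were set during authentication.
        Map<String, Object> basic = Map.of("subject", "alice", "groups", List.of("engineers"));
        // Token path as described in the issue: "groups" was never set.
        Map<String, Object> token = Map.of("subject", "alice");
        System.out.println("basic rw: " + allowed(basic, "rw"));
        System.out.println("token rw: " + allowed(token, "rw"));
        System.out.println("token r:  " + allowed(token, "r"));
    }
}
```

With the guard in place the token-authenticated request no longer throws, but it is evaluated without any group grants, so it fails closed until the token path populates "groups" as well.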