Closed lArtiquel closed 1 year ago
Good catch.
Would you create a PR for that? If I just copy your code, you would not get the authoring.
@ch4mpy yep, just created one #101
@lArtiquel I just released
5.4.2 (assembled with JDK-8, to be used with boot 2)
6.0.15 (assembled with JDK-17, to be used with boot 3)
Both are now available from maven-central (I just checked)
I also updated the main README (after the releases so that there is no risk one finds it in README but not on maven-central)
Thank you again for reporting the bug, finding a fix and submitting a PR for each branch!
Do not hesitate to submit a feature request if you are missing something on the 5.x branch that would be only on the 6.x. I'd handle the backport.
Description
Hello 👋
I spotted a small bug while testing a multi-tenancy feature.
Expected Result
In my use-case scenario, a REST API endpoint call to the resource server with an auth token issued by a Realm not specified in the com.c4-soft.springaddons.security.issuers[*].location list should return 401 (Unauthorized) Status Code instead of 500 SC.
Debugging process explained
java.lang.NullPointerException: null
    at org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver$ResolvingAuthenticationManager.lambda$authenticate$1(JwtIssuerReactiveAuthenticationManagerResolver.java:145) ~[spring-security-oauth2-resource-server-5.5.4.jar:5.5.4]
    Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
    __checkpoint ⇢ org.springframework.security.web.server.authentication.AuthenticationWebFilter [DefaultWebFilterChain]
    checkpoint ⇢ org.springframework.security.web.server.context.ReactorContextWebFilter [DefaultWebFilterChain]
    *checkpoint ⇢ org.springframework.security.web.server.header.HttpHeaderWriterWebFilter [DefaultWebFilterChain]
    __checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
    checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
    *checkpoint ⇢ org.springframework.boot.actuate.metrics.web.reactive.server.MetricsWebFilter [DefaultWebFilterChain]
    *__checkpoint ⇢ HTTP GET "/dummy" [ExceptionHandlingWebHandler]

return this.issuerAuthenticationManagerResolver.resolve(issuer)
        .switchIfEmpty(Mono.error(() -> {
            return new InvalidBearerTokenException("Invalid issuer " + issuer);
        }));
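
An added example, not part of the original issue or the project's code: assuming the NullPointerException comes from an issuer resolver that returns null rather than an empty Mono for an unlisted issuer, it runs the chain quoted above against both variants. The issuer URLs, the accept-all manager and all class and field names are constructed for illustration.

```java
import java.util.Collections;
import java.util.Map;

import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;

import reactor.core.publisher.Mono;

public class IssuerResolverDemo {

    static final String TRUSTED_ISSUER = "https://idp.example.test/realms/trusted";   // constructed
    static final String UNLISTED_ISSUER = "https://idp.example.test/realms/unlisted"; // constructed

    // Stand-in manager (assumption): accepts any token, so only issuer resolution is exercised.
    static final ReactiveAuthenticationManager ACCEPT_ALL = authentication -> Mono.just(authentication);
    static final Map<String, ReactiveAuthenticationManager> TRUSTED =
            Collections.singletonMap(TRUSTED_ISSUER, ACCEPT_ALL);

    // Assumed shape of the bug: null instead of a Mono when the issuer is not configured.
    static final ReactiveAuthenticationManagerResolver<String> RETURNS_NULL = issuer -> {
        ReactiveAuthenticationManager manager = TRUSTED.get(issuer);
        return manager == null ? null : Mono.just(manager);
    };

    // Hardened: an unlisted issuer yields an empty Mono, so the caller's switchIfEmpty fires.
    static final ReactiveAuthenticationManagerResolver<String> RETURNS_EMPTY =
            issuer -> Mono.justOrEmpty(TRUSTED.get(issuer));

    // Same chain as the Spring Security line quoted in the issue.
    static String outcome(ReactiveAuthenticationManagerResolver<String> resolver, String issuer) {
        try {
            resolver.resolve(issuer)
                    .switchIfEmpty(Mono.error(() -> new InvalidBearerTokenException("Invalid issuer " + issuer)))
                    .block();
            return "resolved";
        } catch (InvalidBearerTokenException e) {
            return "rejected: " + e.getMessage(); // an AuthenticationException, answered with 401
        } catch (NullPointerException e) {
            return "NullPointerException";        // not an authentication failure, surfaces as 500
        }
    }

    public static void main(String[] args) {
        System.out.println(outcome(RETURNS_NULL, UNLISTED_ISSUER));
        System.out.println(outcome(RETURNS_EMPTY, UNLISTED_ISSUER));
        System.out.println(outcome(RETURNS_EMPTY, TRUSTED_ISSUER));
    }
}
```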