Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy #11888

Closed
dsbecker opened this issue Sep 21, 2022 · 2 comments
Closed

IpAddressServerWebExchangeMatcher throws NullPointerException with framework forward-headers-strategy #11888

dsbecker opened this issue Sep 21, 2022 · 2 comments
Assignees
@jzheaux
Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Milestone
5.7.5

Comments

@dsbecker
Copy link
Contributor

Describe the bug
When server.forward-headers-strategy=framework is used in a WebFlux project that makes use of an IpAddressServerWebExchangeMatcher a NullPointerException is thrown when a Forwarded or X-Forwarded-For header is present because the remoteAddress created by ForwardedHeaderTransformer is unresolved.

To Reproduce

  1. Create a sample WebFlux project and set server.forward-headers-strategy=framework
  2. Define a SecurityWebFilterChain bean that calls an IpAddressServerWebExchangeMatcher
  3. Submit a request with a Forwarded or X-Forwarded-For header

Expected behavior
The IpAddressServerWebExchangeMatcher should execute as normal with no exception thrown.

Sample
server.forward-headers-strategy=framework

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity httpSecurity) {
        return httpSecurity
                .authorizeExchange(auth -> auth
                        .pathMatchers("/**")
                            .access((authentication, authorizationContext) ->
                                new IpAddressServerWebExchangeMatcher("255.255.255.255")
                                        .matches(authorizationContext.getExchange())
                                        .map(matchResult -> new AuthorizationDecision(matchResult.isMatch()))))
                .build();
    }
@dsbecker dsbecker added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Sep 21, 2022
@dsbecker dsbecker mentioned this issue Sep 21, 2022
Closed
@dsbecker
Copy link
Contributor Author

Submitted PR to fix this: #11889

@sjohnr sjohnr added the in: web An issue in web modules (web, webmvc) label Sep 23, 2022
@jzheaux jzheaux removed the status: waiting-for-triage An issue we've not yet triaged label Oct 24, 2022
@jzheaux jzheaux modified the milestones: 5.6.9, 5.7.5 Oct 24, 2022
jzheaux pushed a commit that referenced this issue Oct 24, 2022
@dsbecker @jzheaux
Use InetSocketAddress#getHostString
2b42687 
Sometimes InetSocketAddress#getAddress#getHostAddress retuns null.
In that case, call InetSocketAddress#getHostString instead.

There is no performance loss since IpAddressMatcher#matches attemptsi
to re-parse and resolve the address anyway.

Closes gh-11888
This was referenced Oct 24, 2022
Closed
Closed
@jzheaux
Copy link
Contributor

jzheaux commented Oct 24, 2022

Closed in 2b42687

@jzheaux jzheaux closed this as completed Oct 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Projects
None yet
Milestone
5.7.5
Development

Successfully merging a pull request may close this issue.

Fix NullPointerException
3 participants
@jzheaux @sjohnr @dsbecker