Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error #14802

Closed
beijixing1745 opened this issue Mar 25, 2024 · 0 comments
Closed

bug org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector introspect method error #14802

beijixing1745 opened this issue Mar 25, 2024 · 0 comments
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug

Comments

@beijixing1745
Copy link

Describe the bug
java.lang.UnsupportedOperationException: null
at java.base/java.util.Collections$EmptyMap.computeIfPresent(Collections.java:4770)

To Reproduce

in method introspect if claims is null,invoke method convertClaimsSet will throw UnsupportedOperationException。

public OAuth2AuthenticatedPrincipal introspect(String token) {
        RequestEntity<?> requestEntity = (RequestEntity)this.requestEntityConverter.convert(token);
        if (requestEntity == null) {
            throw new OAuth2IntrospectionException("requestEntityConverter returned a null entity");
        } else {
            ResponseEntity<Map<String, Object>> responseEntity = this.makeRequest(requestEntity);
            Map<String, Object> claims = this.adaptToNimbusResponse(responseEntity);
            return this.convertClaimsSet(claims);
        }
    }



private Map<String, Object> adaptToNimbusResponse(ResponseEntity<Map<String, Object>> responseEntity) {
        if (responseEntity.getStatusCode() != HttpStatus.OK) {
            throw new OAuth2IntrospectionException("Introspection endpoint responded with " + responseEntity.getStatusCode());
        } else {
            Map<String, Object> claims = (Map)responseEntity.getBody();
            if (claims == null) {
                return Collections.emptyMap();
            } else {
                boolean active = (Boolean)claims.compute("active", (k, v) -> {
                    if (v instanceof String) {
                        return Boolean.parseBoolean((String)v);
                    } else {
                        return v instanceof Boolean ? v : false;
                    }
                });
                if (!active) {
                    this.logger.trace("Did not validate token since it is inactive");
                    throw new BadOpaqueTokenException("Provided token isn't active");
                } else {
                    return claims;
                }
            }
        }
    }

    private OAuth2AuthenticatedPrincipal convertClaimsSet(Map<String, Object> claims) {
        claims.computeIfPresent("aud", (k, v) -> {
            return v instanceof String ? Collections.singletonList(v) : v;
        });
        claims.computeIfPresent("client_id", (k, v) -> {
            return v.toString();
        });
        claims.computeIfPresent("exp", (k, v) -> {
            return Instant.ofEpochSecond(((Number)v).longValue());
        });
        claims.computeIfPresent("iat", (k, v) -> {
            return Instant.ofEpochSecond(((Number)v).longValue());
        });
        claims.computeIfPresent("iss", (k, v) -> {
            return v.toString();
        });
        claims.computeIfPresent("nbf", (k, v) -> {
            return Instant.ofEpochSecond(((Number)v).longValue());
        });
        Collection<GrantedAuthority> authorities = new ArrayList();
        claims.computeIfPresent("scope", (k, v) -> {
            if (!(v instanceof String)) {
                return v;
            } else {
                Collection<String> scopes = Arrays.asList(((String)v).split(" "));
                Iterator var4 = scopes.iterator();

                while(var4.hasNext()) {
                    String scope = (String)var4.next();
                    authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
                }

                return scopes;
            }
        });
        return new OAuth2IntrospectionAuthenticatedPrincipal(claims, authorities);
    }

Expected behavior

1.in method adaptToNimbusResponse return new HashMap()。
so next method use claims will not throw UnsupportedOperationException。
@beijixing1745 beijixing1745 added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Mar 25, 2024
@jzheaux jzheaux self-assigned this Apr 2, 2024
@jzheaux jzheaux added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 2, 2024
@jzheaux jzheaux mentioned this issue Apr 4, 2024
Closed
@jzheaux jzheaux closed this as completed in 0af0751 Apr 4, 2024
@jzheaux jzheaux moved this to Done in Spring Security Team May 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
Projects
Spring Security Team
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jzheaux @beijixing1745