Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oauth2Login DSL fails when passing a SecurityContextRepository #16623

Open
marcusdacoregio opened this issue Feb 19, 2025 · 0 comments
Open

oauth2Login DSL fails when passing a SecurityContextRepository #16623

marcusdacoregio opened this issue Feb 19, 2025 · 0 comments
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

@marcusdacoregio
Copy link
Contributor

Describe the bug

Hi team ❤ , I'm trying to set the SecurityContextRepository configured by the oauth2Login() DSL and it fails with:

Caused by: java.lang.NullPointerException: Cannot invoke "org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.setSecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository)" because "this.authFilter" is null
	at org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer.securityContextRepository(AbstractAuthenticationFilterConfigurer.java:149) ~[spring-security-config-6.4.2.jar:6.4.2]
	at com.dooall.oauth2loginbug.Oauth2LoginBugApplication.lambda$filterChain$0(Oauth2LoginBugApplication.java:20) ~[main/:na]
	at org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2Login(HttpSecurity.java:2857) ~[spring-security-config-6.4.2.jar:6.4.2]
	at com.dooall.oauth2loginbug.Oauth2LoginBugApplication.filterChain(Oauth2LoginBugApplication.java:19) ~[main/:na]

I couldn't find any older issue related to this. The authFilter from AbstractAuthenticationFilterConfigurer is only instantiated at the OAuth2LoginConfigurer#init method, but setSecurityContextRepository is called before init. The current workaround is to add a ObjectPostProcessor:

.addObjectPostProcessor(new ObjectPostProcessor<OAuth2LoginAuthenticationFilter>() {
	@Override
	public <O extends OAuth2LoginAuthenticationFilter> O postProcess(O filter) {
		filter.setSecurityContextRepository(new NullSecurityContextRepository());
		return filter;
	}
})

To Reproduce
Clone the sample application and run it.

Expected behavior
The DSL should accept the provided SecurityContextRepository

Sample

https://github.com/marcusdacoregio/oauth2-login-bug
@marcusdacoregio marcusdacoregio added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Feb 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@marcusdacoregio