From fc113210104082f96ec6516a66d2397f9d23554a Mon Sep 17 00:00:00 2001 From: Juergen Hoeller Date: Mon, 20 Feb 2017 23:00:07 +0100 Subject: [PATCH] ServletRequestMethodArgumentResolver passes null references through (again) Issue: SPR-15214 --- .../ServletRequestMethodArgumentResolver.java | 10 +++++----- .../ServletRequestMethodArgumentResolverTests.java | 11 ++++++++++- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolver.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolver.java index 17230276b3..88924d354f 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolver.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolver.java @@ -121,7 +121,7 @@ public class ServletRequestMethodArgumentResolver implements HandlerMethodArgume private Object resolveArgument(Class paramType, HttpServletRequest request) throws IOException { if (HttpSession.class.isAssignableFrom(paramType)) { HttpSession session = request.getSession(); - if (!paramType.isInstance(session)) { + if (session != null && !paramType.isInstance(session)) { throw new IllegalStateException( "Current session is not of type [" + paramType.getName() + "]: " + session); } @@ -129,7 +129,7 @@ public class ServletRequestMethodArgumentResolver implements HandlerMethodArgume } else if (getPushBuilderMethod != null && getPushBuilderMethod.getReturnType().isAssignableFrom(paramType)) { Object pushBuilder = ReflectionUtils.invokeMethod(getPushBuilderMethod, request); - if (!paramType.isInstance(pushBuilder)) { + if (pushBuilder != null && !paramType.isInstance(pushBuilder)) { throw new IllegalStateException( "Current push builder is not of type [" + paramType.getName() + "]: " + pushBuilder); } @@ -137,7 +137,7 @@ public class ServletRequestMethodArgumentResolver implements HandlerMethodArgume } else if (InputStream.class.isAssignableFrom(paramType)) { InputStream inputStream = request.getInputStream(); - if (!paramType.isInstance(inputStream)) { + if (inputStream != null && !paramType.isInstance(inputStream)) { throw new IllegalStateException( "Request input stream is not of type [" + paramType.getName() + "]: " + inputStream); } @@ -145,7 +145,7 @@ public class ServletRequestMethodArgumentResolver implements HandlerMethodArgume } else if (Reader.class.isAssignableFrom(paramType)) { Reader reader = request.getReader(); - if (!paramType.isInstance(reader)) { + if (reader != null && !paramType.isInstance(reader)) { throw new IllegalStateException( "Request body reader is not of type [" + paramType.getName() + "]: " + reader); } @@ -153,7 +153,7 @@ public class ServletRequestMethodArgumentResolver implements HandlerMethodArgume } else if (Principal.class.isAssignableFrom(paramType)) { Principal userPrincipal = request.getUserPrincipal(); - if (!paramType.isInstance(userPrincipal)) { + if (userPrincipal != null && !paramType.isInstance(userPrincipal)) { throw new IllegalStateException( "Current user principal is not of type [" + paramType.getName() + "]: " + userPrincipal); } diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolverTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolverTests.java index 479e957bb0..3daeb1eaec 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolverTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolverTests.java @@ -62,7 +62,7 @@ public class ServletRequestMethodArgumentResolverTests { @Before - public void setUp() throws Exception { + public void setup() throws Exception { method = getClass().getMethod("supportedParams", ServletRequest.class, MultipartRequest.class, HttpSession.class, Principal.class, Locale.class, InputStream.class, Reader.class, WebRequest.class, TimeZone.class, ZoneId.class, HttpMethod.class); @@ -112,6 +112,15 @@ public class ServletRequestMethodArgumentResolverTests { assertSame("Invalid result", principal, result); } + @Test + public void principalAsNull() throws Exception { + MethodParameter principalParameter = new MethodParameter(method, 3); + assertTrue("Principal not supported", resolver.supportsParameter(principalParameter)); + + Object result = resolver.resolveArgument(principalParameter, null, webRequest, null); + assertNull("Invalid result", result); + } + @Test public void locale() throws Exception { Locale locale = Locale.ENGLISH;