diff --git a/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java b/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java index 5a695a1f0b..414cd47883 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java @@ -105,7 +105,7 @@ public class PublicKeyCredentialCreationOptionsFilter extends OncePerRequestFilt Supplier context = this.securityContextHolderStrategy.getDeferredContext(); Supplier authentication = () -> context.get().getAuthentication(); AuthorizationResult result = this.authorization.authorize(authentication, request); - if (!result.isGranted()) { + if (result == null || !result.isGranted()) { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); return; }