From 7d6bdfedc807fb4abff7da9307bb3f42425391f2 Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Tue, 22 Apr 2025 15:40:11 -0600 Subject: [PATCH] Add Null Guard for Authorization Result --- .../registration/PublicKeyCredentialCreationOptionsFilter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java b/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java index 5a695a1f0b..414cd47883 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java @@ -105,7 +105,7 @@ public class PublicKeyCredentialCreationOptionsFilter extends OncePerRequestFilt Supplier context = this.securityContextHolderStrategy.getDeferredContext(); Supplier authentication = () -> context.get().getAuthentication(); AuthorizationResult result = this.authorization.authorize(authentication, request); - if (!result.isGranted()) { + if (result == null || !result.isGranted()) { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); return; }