Fixed NPE in HttpsRedirectWebFilter

rs017991 · jzheaux · commit 281ccff907c6 · 2019-03-28T15:12:47.000-06:00
A more descriptive IllegalStateException is now thrown instead in the case that no such port mapping exists. Fixes: gh-6639
diff --git a/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java b/web/src/main/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilter.java
@@ -17,6 +17,7 @@
 package org.springframework.security.web.server.transport;
 
 import java.net.URI;
+import java.util.Optional;
 
 import reactor.core.publisher.Mono;
 
@@ -101,8 +102,9 @@ private URI createRedirectUri(ServerWebExchange exchange) {
 				UriComponentsBuilder.fromUri(exchange.getRequest().getURI());
 
 		if (port > 0) {
-			port = this.portMapper.lookupHttpsPort(port);
-			builder.port(port);
+			builder.port(Optional.ofNullable(this.portMapper.lookupHttpsPort(port))
+									.orElseThrow(() -> new IllegalStateException(
+										"HTTP Port '" + port + "' does not have a corresponding HTTPS Port")));
 		}
 
 		return builder.scheme("https").build().toUri();
diff --git a/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/transport/HttpsRedirectWebFilterTests.java
@@ -112,6 +112,12 @@ public void filterWhenRequestIsInsecureThenPortMapperRemapsPort() {
 		verify(portMapper).lookupHttpsPort(314);
 	}
 
+	@Test
+	public void filterWhenRequestIsInsecureAndNoPortMappingThenThrowsIllegalState() {
+		ServerWebExchange exchange = get("http://localhost:1234");
+		assertThatCode(() -> this.filter.filter(exchange, this.chain).block())
+				.isInstanceOf(IllegalStateException.class);
+	}
 
 	@Test
 	public void filterWhenInsecureRequestHasAPathThenRedirects() {
