
Improve authoritiesClaimName validation in JwtGrantedAuthoritiesConverter #17247


Merged

Conversation

chanbinme (Contributor)

Summary

Use StringUtils.hasText() instead of null check in getAuthoritiesClaimName() to properly handle empty strings and whitespace-only strings.

Problem

The current null check (!= null) incorrectly treats empty strings ("") and whitespace-only strings (" ") as valid claim names. While setAuthoritiesClaimName() validates with Assert.hasText(), the field can be set through other means (reflection, constructors, etc.) that bypass this validation.

Changes

  • Replace != null check with StringUtils.hasText()
  • Add comprehensive test coverage for blank claim names

Testing

Added parameterized tests covering empty strings, whitespace strings, and null values using ReflectionTestUtils to simulate edge cases.

Impact

  • Fixes edge case bugs with blank claim names
  • Maintains full backward compatibility
  • Follows defensive programming principles
  • All existing tests pass

This is a straightforward bug fix that improves robustness without breaking changes.
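The following is an added, stand-alone illustration of the check the PR description is about; it is not Spring Security's JwtGrantedAuthoritiesConverter and not code from this PR. It models the same shape (a configurable authoritiesClaimName, a fallback to the well-known "scope" and "scp" claims, and the default "SCOPE_" prefix) with a minimal Jwt stand-in and a local hasText() that mirrors the contract of StringUtils.hasText(), so it compiles on Java 16+ without any dependencies. The token, the class name ClaimNameCheckDemo and the helper names are constructed for this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;

/**
 * Added example, not the Spring Security converter. It runs the two
 * variants of the claim-name check side by side so the difference for a
 * blank authoritiesClaimName is visible.
 */
public class ClaimNameCheckDemo {

    /** Stand-in for org.springframework.util.StringUtils.hasText(String):
     *  non-null, non-empty, and at least one non-whitespace character. */
    static boolean hasText(String s) {
        if (s == null || s.isEmpty()) {
            return false;
        }
        for (int i = 0; i < s.length(); i++) {
            if (!Character.isWhitespace(s.charAt(i))) {
                return true;
            }
        }
        return false;
    }

    /** Minimal JWT stand-in (constructed for this example): only the claims map matters. */
    record Jwt(Map<String, Object> claims) {
        boolean hasClaim(String name) { return claims.containsKey(name); }
        Object getClaim(String name) { return claims.get(name); }
    }

    static final List<String> WELL_KNOWN_AUTHORITIES_CLAIM_NAMES = Arrays.asList("scope", "scp");

    /** Selects the claim name using either the original "!= null" check or hasText(). */
    static String getAuthoritiesClaimName(Jwt jwt, String configured, boolean useHasText) {
        boolean configuredIsUsable = useHasText ? hasText(configured) : configured != null;
        if (configuredIsUsable) {
            return configured;
        }
        // Fallback only runs when the configured name was rejected above.
        for (String name : WELL_KNOWN_AUTHORITIES_CLAIM_NAMES) {
            if (jwt.hasClaim(name)) {
                return name;
            }
        }
        return null;
    }

    /** Resolves authorities, prefixing each value with "SCOPE_" like the default converter. */
    static List<String> authorities(Jwt jwt, String configured, boolean useHasText) {
        String claimName = getAuthoritiesClaimName(jwt, configured, useHasText);
        if (claimName == null) {
            return Collections.emptyList();
        }
        Object claim = jwt.getClaim(claimName);
        List<String> values = new ArrayList<>();
        if (claim instanceof String s) {
            // Space-delimited scope string, as in RFC 8693 / RFC 6749 style tokens.
            if (hasText(s)) {
                values.addAll(Arrays.asList(s.split(" ")));
            }
        } else if (claim instanceof Collection<?> c) {
            for (Object o : c) {
                values.add(String.valueOf(o));
            }
        }
        List<String> result = new ArrayList<>();
        for (String v : values) {
            result.add("SCOPE_" + v);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed token: a "scope" claim and nothing else.
        Jwt jwt = new Jwt(Map.of("scope", "message:read message:write"));

        for (String configured : new String[] { null, "", "   " }) {
            String shown = configured == null ? "null" : "\"" + configured + "\"";
            System.out.println("authoritiesClaimName = " + shown);
            System.out.println("  != null check -> " + authorities(jwt, configured, false));
            System.out.println("  hasText check -> " + authorities(jwt, configured, true));
        }
    }
}
```

With a null claim name both variants fall back to the "scope" claim and grant SCOPE_message:read and SCOPE_message:write. With "" or "   " the "!= null" variant treats the blank string as the configured claim name, looks up a claim that cannot exist, and silently grants nothing; the hasText() variant rejects the blank name and falls back to the well-known claims. That silent empty result is the edge case the PR description refers to: it fails closed rather than granting extra authority, but it masks a misconfiguration (or a field set through reflection) that the setter's Assert.hasText() was meant to catch.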

@spring-projects-issues spring-projects-issues added the "status: waiting-for-triage" (An issue we've not yet triaged) label Jun 14, 2025
@jzheaux (Contributor) left a comment

Thanks for the PR, @chanbinme! I've left my feedback inline.

@chanbinme chanbinme force-pushed the improve-authorities-claim-name-check branch from b6b8aa0 to 39b5cf5 Compare June 18, 2025 15:27
@chanbinme (Contributor, Author)

Hi @jzheaux,

Thank you so much for your helpful feedback!
I've incorporated your suggestions and pushed the changes.
When you have a moment, could you please take another look?
I've also left some comments on the inline feedback for further discussion.

Thanks again for your time and support!

@chanbinme (Contributor, Author)

Thanks for the PR, @chanbinme! I've left my feedback inline.

Hi @jzheaux 👋

No rush at all, just wanted to make sure this didn't get lost in notifications.
Happy to address any additional feedback when you have time.

@chanbinme chanbinme requested a review from jzheaux July 7, 2025 15:17
@jzheaux jzheaux self-assigned this Jul 8, 2025
@jzheaux jzheaux added the "type: enhancement" (A general enhancement) and "in: oauth2" (An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)) labels and removed the "status: waiting-for-triage" (An issue we've not yet triaged) label Jul 8, 2025
@jzheaux jzheaux added this to the 7.0.0-M2 milestone Aug 13, 2025
This commit simplifies the logic in JwtGrantedAuthoritiesConverter
to no longer need the authoritiesClaimName field.

Signed-off-by: chanbinme <[email protected]>
@jzheaux jzheaux force-pushed the improve-authorities-claim-name-check branch from 92a13c2 to 3293f07 Compare August 13, 2025 16:44
@jzheaux jzheaux merged commit 08fa272 into spring-projects:main Aug 13, 2025
6 checks passed
@jzheaux (Contributor) commented Aug 13, 2025

Thanks for the updates, @chanbinme! This is now merged into main.

3 participants