chanbinme

Summary

Use StringUtils.hasText() instead of null check in getAuthoritiesClaimName() to properly handle empty strings and whitespace-only strings.

Problem

The current null check (!= null) incorrectly treats empty strings ("") and whitespace-only strings (" ") as valid claim names. While setAuthoritiesClaimName() validates with Assert.hasText(), the field can be set through other means (reflection, constructors, etc.) that bypass this validation.

Changes

  • Replace != null check with StringUtils.hasText()
  • Add comprehensive test coverage for blank claim names

Testing

Added parameterized tests covering empty strings, whitespace strings, and null values using ReflectionTestUtils to simulate edge cases.

Impact

  • Fixes edge case bugs with blank claim names
  • Maintains full backward compatibility
  • Follows defensive programming principles
  • All existing tests pass

This is a straightforward bug fix that improves robustness without breaking changes.
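
The difference described in the PR description above, as an added example that is not part of the pull request or Spring Security's source. It is a simplified stand-in for the claim-name lookup, assuming a fallback to the `scope`/`scp` claims and a `SCOPE_` prefix; the class, method names and sample claims are hypothetical.

```java
import java.util.*;

// Simplified stand-in for the claim-name lookup discussed in this PR; not Spring Security source.
public class ClaimNameCheckDemo {
    // Assumed fallback claim names and authority prefix for this demo.
    static final List<String> WELL_KNOWN = List.of("scope", "scp");
    static final String PREFIX = "SCOPE_";

    // Local equivalent of StringUtils.hasText(): non-null with at least one non-whitespace char.
    static boolean hasText(String s) {
        return s != null && !s.isBlank();
    }

    // "Before": any non-null configured name wins, including "" and " ".
    static String claimNameNullCheck(String configured, Map<String, Object> claims) {
        if (configured != null) return configured;
        return firstWellKnown(claims);
    }

    // "After": blank names are treated as unset, so the fallback applies.
    static String claimNameHasText(String configured, Map<String, Object> claims) {
        if (hasText(configured)) return configured;
        return firstWellKnown(claims);
    }

    static String firstWellKnown(Map<String, Object> claims) {
        return WELL_KNOWN.stream().filter(claims::containsKey).findFirst().orElse(null);
    }

    // Turns a space-delimited claim value into prefixed authority names.
    static List<String> authorities(String claimName, Map<String, Object> claims) {
        Object value = (claimName == null) ? null : claims.get(claimName);
        if (!(value instanceof String) || !hasText((String) value)) return List.of();
        List<String> out = new ArrayList<>();
        for (String a : ((String) value).trim().split("\\s+")) out.add(PREFIX + a);
        return out;
    }

    public static void main(String[] args) {
        Map<String, Object> claims = Map.of("scope", "read write"); // constructed sample claims
        for (String configured : Arrays.asList(null, "", "   ", "roles")) {
            System.out.printf("configured=%s nullCheck=%s hasText=%s%n",
                configured == null ? "null" : "\"" + configured + "\"",
                authorities(claimNameNullCheck(configured, claims), claims),
                authorities(claimNameHasText(configured, claims), claims));
        }
    }
}
```

With a blank configured name, the null-check variant looks up a claim that does not exist and yields no authorities, while the `hasText` variant falls back to the well-known claim.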

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 14, 2025

@jzheaux jzheaux left a comment

Thanks for the PR, @chanbinme! I've left my feedback inline.

@chanbinme chanbinme force-pushed the improve-authorities-claim-name-check branch from b6b8aa0 to 39b5cf5 Compare June 18, 2025 15:27
@chanbinme

Hi @jzheaux,

Thank you so much for your helpful feedback!
I've incorporated your suggestions and pushed the changes.
When you have a moment, could you please take another look?
I've also left some comments on the inline feedback for further discussion.

Thanks again for your time and support!

@chanbinme

> Thanks for the PR, @chanbinme! I've left my feedback inline.

Hi @jzheaux 👋

No rush at all, just wanted to make sure this didn't get lost in notifications.
Happy to address any additional feedback when you have time.

@chanbinme chanbinme requested a review from jzheaux July 7, 2025 15:17
@jzheaux jzheaux self-assigned this Jul 8, 2025
@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Jul 8, 2025
@jzheaux jzheaux added this to the 7.0.0-M2 milestone Aug 13, 2025
This commit simplifies the logic in JwtGrantedAuthoritiesConverter
to no longer need the authoritiesClaimName field.

Signed-off-by: chanbinme <[email protected]>
@jzheaux jzheaux force-pushed the improve-authorities-claim-name-check branch from 92a13c2 to 3293f07 Compare August 13, 2025 16:44
@jzheaux jzheaux merged commit 08fa272 into spring-projects:main Aug 13, 2025
6 checks passed
@jzheaux

jzheaux commented Aug 13, 2025

Thanks for the updates, @chanbinme! This is now merged into main.
