The SwitchUserFilter setup fails when upgrading Spring Boot and Spring Security.
Depending on the version, it throws either an IllegalArgumentException: currentAuthentication cannot be null or IllegalArgumentException: source cannot be null when attempting to trigger the impersonation URL.
@Bean
public SwitchUserFilter switchUserFilter() throws Exception {
final SwitchUserFilter switchUserFilter = new SwitchUserFilter();
switchUserFilter.setUserDetailsService(userDetailsService);
switchUserFilter.setSwitchUserMatcher(PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, SWITCH_USER_URL));
switchUserFilter.setExitUserMatcher(PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, SWITCH_USER_EXIT_URL));
switchUserFilter.setTargetUrl("/");
switchUserFilter.setSwitchFailureUrl(ACCESS_DENIED_URL);
return switchUserFilter;
}
I configure the filter like that : http.addFilterAfter(switchUserFilter(), AuthorizationFilter.class);
- spring-boot-starter-parent 4.1.0, spring-security 7.1.0 :
java.lang.IllegalArgumentException: currentAuthentication cannot be null
at org.springframework.util.Assert.notNull(Assert.java:182)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.createSwitchUserToken(SwitchUserFilter.java:306)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:243)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:190)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:181)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:385)
- spring-boot-starter-parent 4.0.7, spring-security 7.0.6 :
java.lang.IllegalArgumentException: source cannot be null
at org.springframework.util.Assert.notNull(Assert.java:182)
at org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority.<init>(SwitchUserGrantedAuthority.java:45)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.createSwitchUserToken(SwitchUserFilter.java:306)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:243)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:190)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:181)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:385)
The SwitchUserFilter setup fails when upgrading Spring Boot and Spring Security.
Depending on the version, it throws either an IllegalArgumentException: currentAuthentication cannot be null or IllegalArgumentException: source cannot be null when attempting to trigger the impersonation URL.
I configure the filter like that : http.addFilterAfter(switchUserFilter(), AuthorizationFilter.class);