Merge pull request #5916 from ant-media/fix-null-ptr

Fix null pointer exception in JWTFilter
ant-media · Dec 20, 2023 · a1bd8f8 · a1bd8f8
2 parents 32af48c + 2f46ffc
commit a1bd8f8
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 2 deletions.
diff --git a/src/main/java/io/antmedia/filter/JWTFilter.java b/src/main/java/io/antmedia/filter/JWTFilter.java
@@ -41,8 +41,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 		appSettings = getAppSettings();
 
 		HttpServletRequest httpRequest = (HttpServletRequest) request;
-
-		if(appSettings != null && !appSettings.isJwtControlEnabled() || (httpRequest.getHeader(JWT_TOKEN_HEADER) != null && checkJWT(httpRequest.getHeader(JWT_TOKEN_HEADER)))) {
+		if(appSettings == null){
+			((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, "Application is getting initialized");
+			return;
+		}
+		if(!appSettings.isJwtControlEnabled() || (httpRequest.getHeader(JWT_TOKEN_HEADER) != null && checkJWT(httpRequest.getHeader(JWT_TOKEN_HEADER)))) {
 			chain.doFilter(request, response);
 			return;
 		}

diff --git a/src/test/java/io/antmedia/test/filter/JWTFilterTest.java b/src/test/java/io/antmedia/test/filter/JWTFilterTest.java
@@ -6,6 +6,7 @@
 
 import jakarta.servlet.ServletException;
 
+import jakarta.servlet.http.HttpServletResponse;
 import org.junit.Test;
 import org.mockito.Mockito;
 import org.slf4j.Logger;
@@ -45,6 +46,28 @@ public void testDoFilterPass() throws IOException, ServletException {
 
 		System.out.println("Valid Token: " + token);
 
+        // App Settings Null (App getting initialized)
+        {
+            //reset filterchain
+            filterChain = new MockFilterChain();
+
+            //reset httpServletResponse
+            httpServletResponse = Mockito.spy(new MockHttpServletResponse());
+
+            //reset httpServletRequest
+            httpServletRequest = new MockHttpServletRequest();
+
+            appSettings.setJwtControlEnabled(true);
+
+            Mockito.doReturn(null).when(jwtFilter).getAppSettings();
+
+            httpServletRequest.addHeader("Authorization", token);
+
+            jwtFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
+            assertEquals(HttpStatus.FORBIDDEN.value(),httpServletResponse.getStatus());
+            Mockito.verify(httpServletResponse).sendError(HttpServletResponse.SC_FORBIDDEN, "Application is getting initialized");
+
+        }
         // JWT Token enable and invalid token scenario
         {   
         	//reset filterchain