Describe the bug java.lang.UnsupportedOperationException: null raised when filtering collections
To Reproduce Add the @PostFilter annotation to your controller endpoint. Let the method return a collection.
Expected behavior The collection is filtered according to the PostFilter condition
Sample https://github.com/gcorsaro/bugdemos/tree/master/bugsecuritydemo
The error is raised when collection.clear() is called in DefaultMethodSecurityExpressionHandler.filter method.
Tested with spring boot 2.2.0.RELEASE and spring boot 2.2.6.RELEASE
Comment From: antonin-arquey
After looking at it, it is caused by the attempt to call clear() on an Arrays$ArrayList.
Arrays.asList() returns a list that doesn't allow operations affecting its size so we get an UnsupportedOperationException.
The code clearing and adding the retainList in the filter method can probably be removed as nothing is done with it before returning.
collection.clear();
collection.addAll(retainList);
return filterTarget;
There is also the same potential issue when the filterTarget is a Map in the same method.
map.clear();
map.putAll(retainMap);
return filterTarget;
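The failure described in the comment above, as an added example that is not part of the original thread and is not Spring Security's code: `filterInPlace` is a hypothetical, simplified stand-in for the quoted clear()/addAll() pattern, and the owner-prefixed strings are constructed sample data. It shows that a fixed-size list from Arrays.asList() aborts the filter with an exception, while a resizable copy of the same data is filtered as expected.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.function.Predicate;

public class FixedSizeFilterDemo {

    // Hypothetical helper mirroring the clear()/addAll() pattern quoted above;
    // a simplified stand-in, not Spring Security's implementation.
    static <T> Collection<T> filterInPlace(Collection<T> target, Predicate<T> permitted) {
        List<T> retain = new ArrayList<>();
        for (T item : target) {
            if (permitted.test(item)) {
                retain.add(item);
            }
        }
        target.clear();        // throws on fixed-size or immutable collections
        target.addAll(retain);
        return target;         // the caller receives the same, now filtered, object
    }

    public static void main(String[] args) {
        // Assumed access rule for the demo: only records owned by "alice" may be returned.
        Predicate<String> ownedByAlice = s -> s.startsWith("alice:");

        // Constructed sample data: records tagged with an owner prefix.
        List<String> fixedSize = Arrays.asList("alice:doc1", "bob:doc2", "alice:doc3");
        try {
            filterInPlace(fixedSize, ownedByAlice);
        } catch (UnsupportedOperationException e) {
            // The list is unchanged and still holds bob's record, but the
            // exception prevents it from being handed back to the caller.
            System.out.println("fixed-size list rejected clear(): " + fixedSize);
        }

        // Copying into a resizable list lets the same filter complete.
        List<String> resizable = new ArrayList<>(fixedSize);
        System.out.println("filtered: " + filterInPlace(resizable, ownedByAlice));
    }
}
```

Until fixed-size collections are supported, a method annotated with @PostFilter can avoid the exception by returning a resizable collection such as `new ArrayList<>(Arrays.asList(...))`.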
Comment From: rwinch
Thanks for the report. This is a duplicate of gh-2316
Comment From: gcorsaro
Hello @rwinch, just one remark. In the attached example I used a normal List, not immutable. gh-2316 refers to immutable collections only, so I don't know if this can be considered a duplicate of that ticket.
Comment From: rwinch
@gcorsaro Thanks for pointing that out. I've updated the description to describe that this should work for fixed-size collections, which is a more accurate description of what we need to be supported.