Spring Security This could be a bug that no check null in AuthorityUtils.java.

I guess there is a bug in org.springframework.security.core.authority.AuthorityUtils.java

public static Set<String> authorityListToSet(
        Collection<? extends GrantedAuthority> userAuthorities) {

/* No test parameters  userAuthorities, it may be null and led to NullPointException */

        Set<String> set = new HashSet<>(userAuthorities.size());
        for (GrantedAuthority authority : userAuthorities) {
        set.add(authority.getAuthority());
    }
    return set;
}

Comment From: jzheaux

Good catch, @JokerSun! Would you like to contribute a PR that adds an Assert to the beginning of this method?

Comment From: JokerSun

@jzheaux Well,i will fix this bug and contribute a PR later, thanks for your supporting.

Comment From: JokerSun

https://github.com/spring-projects/spring-security/pull/6775#issue-270215990