Describe the bug
When server.forward-headers-strategy=framework is used in a WebFlux project that makes use of an IpAddressServerWebExchangeMatcher, a NullPointerException is thrown when a Forwarded or X-Forwarded-For header is present, because the remoteAddress created by ForwardedHeaderTransformer is unresolved.
To Reproduce
1. Create a sample WebFlux project and set server.forward-headers-strategy=framework
2. Define a SecurityWebFilterChain bean that calls an IpAddressServerWebExchangeMatcher
3. Submit a request with a Forwarded or X-Forwarded-For header
Expected behavior
The IpAddressServerWebExchangeMatcher should execute as normal with no exception thrown.
Sample
server.forward-headers-strategy=framework
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity httpSecurity) {
    return httpSecurity
            .authorizeExchange(auth -> auth
                    .pathMatchers("/**")
                    .access((authentication, authorizationContext) ->
                            new IpAddressServerWebExchangeMatcher("255.255.255.255")
                                    .matches(authorizationContext.getExchange())
                                    .map(matchResult -> new AuthorizationDecision(matchResult.isMatch()))))
            .build();
}
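Added example, not part of the original report and not the project's fix: a JDK-only sketch of why an unresolved remote address yields a null `getAddress()`, and one null-safe way to obtain the client IP that fails closed instead of resolving a header-supplied host name. The class name, the `remoteIp` helper and the sample addresses are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.Optional;
import java.util.regex.Pattern;

public class UnresolvedRemoteAddressDemo {

    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1?\\d?\\d)";
    // IPv4 dotted quad, or hex digits, colons and dots containing a colon (IPv6 candidate).
    private static final Pattern IP_LITERAL = Pattern.compile(
            OCTET + "(\\." + OCTET + "){3}|(?=.*:)[0-9a-fA-F:.]+");

    // Hypothetical helper: the client IP, or empty when it cannot be determined
    // without a DNS lookup. An IP-based access rule should deny on empty.
    static Optional<InetAddress> remoteIp(InetSocketAddress remote) {
        if (remote == null) {
            return Optional.empty();
        }
        if (!remote.isUnresolved()) {
            return Optional.of(remote.getAddress());
        }
        String host = remote.getHostString();
        if (!IP_LITERAL.matcher(host).matches()) {
            return Optional.empty(); // host name taken from a header: never resolve it
        }
        try {
            return Optional.of(InetAddress.getByName(host)); // literal is parsed, not looked up
        } catch (UnknownHostException ex) {
            return Optional.empty(); // malformed literal
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: unresolved addresses like those built from a forwarded header.
        InetSocketAddress literal = InetSocketAddress.createUnresolved("203.0.113.7", 0);
        InetSocketAddress name = InetSocketAddress.createUnresolved("client.example", 0);

        // For an unresolved address getAddress() is null, so chaining
        // getAddress().getHostAddress() on it throws NullPointerException.
        System.out.println("unresolved=" + literal.isUnresolved()
                + " getAddress()=" + literal.getAddress());

        System.out.println("literal -> " + remoteIp(literal).map(InetAddress::getHostAddress));
        System.out.println("name    -> " + remoteIp(name).map(InetAddress::getHostAddress));
        System.out.println("absent  -> " + remoteIp(null).map(InetAddress::getHostAddress));
    }
}
```

Whether a value taken from Forwarded or X-Forwarded-For should be trusted for an IP allow-list at all depends on every hop in front of the application overwriting those headers.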
Comment From: dsbecker
Submitted PR to fix this: https://github.com/spring-projects/spring-security/pull/11889
Comment From: jzheaux
Closed in 2b426872a32d9120d4834780ed2e1e9e7a6dde12