Expected Behavior
When using the org.springframework.security.core.userdetails.User.builder() it should be easy to create a new user without any authorities:
User.builder("name").password("pwd").build();
Current Behavior
The above fails with:
Caused by: java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.util.Assert.notNull(Assert.java:201) ~[spring-core-5.3.24.jar:5.3.24]
at org.springframework.security.core.userdetails.User.sortAuthorities(User.java:162) ~[spring-security-core-5.7.6.jar:5.7.6]
at org.springframework.security.core.userdetails.User.<init>(User.java:118) ~[spring-security-core-5.7.6.jar:5.7.6]
at org.springframework.security.core.userdetails.User$UserBuilder.build(User.java:504) ~[spring-security-core-5.7.6.jar:5.7.6]
at com.example.MySecurityConfiguration.asUserDetails(MySecurityConfiguration.java:42) ~[classes/:na]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[na:1.8.0_345]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384) ~[na:1.8.0_345]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482) ~[na:1.8.0_345]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472) ~[na:1.8.0_345]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[na:1.8.0_345]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[na:1.8.0_345]
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566) ~[na:1.8.0_345]
at com.example.MySecurityConfiguration.inMemoryUserDetailsManager(MySecurityConfiguration.java:32) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_345]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_345]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_345]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_345]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.3.24.jar:5.3.24]
... 20 common frames omitted
Context
The above error makes creating a user a little more difficult than it could be. As a workaround you can do:
User.builder("name").password("pwd").roles().build();
I think that UserBuilder.authorities should default to an empty List.
Comment From: sjohnr
Thanks, @philwebb!
Because it's allowed using the workaround, I agree it probably should be the default. I'm not aware of anything in the framework that would prevent this change or make it seem like a bad idea, but it's possible I'm simply missing it. Hopefully not. :wink:
Comment From: SaiUpadhyayula
@philwebb @sjohnr Can I work on this issue?
Comment From: sjohnr
Sure @SaiUpadhyayula! I'll assign to you.
(I will mention that I may take some time to run this change past other team members before anything is merged.)
Comment From: stillya
@philwebb @sjohnr Hi, I have created PR to close this issue, can you take a look? I'm sorry, I didn't notice this issue already assigned, I took it yesterday.
Comment From: sjohnr
Thanks @stillya. Please note that it's always best to reach out prior to working on an issue for this very reason.
@SaiUpadhyayula had you already started? If not, would you be interested in taking another one?
Comment From: SaiUpadhyayula
@sjohnr Fine for me I can check other issues.