concord-server, oidc, pfed-sso: improve handling of user sessions without UserPrincipal

ibodrov · ibodrov · commit 8887c506e88e · 2025-10-09T11:09:43.000-04:00
diff --git a/server/impl/src/main/java/com/walmartlabs/concord/server/security/github/GithubRealm.java b/server/impl/src/main/java/com/walmartlabs/concord/server/security/github/GithubRealm.java
@@ -78,7 +78,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     @WithTimer
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         UserPrincipal p = principals.oneByType(UserPrincipal.class);
-        if (!REALM_NAME.equals(p.getRealm())) {
+        if (p == null || !REALM_NAME.equals(p.getRealm())) {
             return null;
         }
 
diff --git a/server/impl/src/main/java/com/walmartlabs/concord/server/security/internal/InternalRealm.java b/server/impl/src/main/java/com/walmartlabs/concord/server/security/internal/InternalRealm.java
@@ -42,7 +42,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         UserPrincipal p = principals.oneByType(UserPrincipal.class);
-        if (!REALM_NAME.equals(p.getRealm())) {
+        if (p == null || !REALM_NAME.equals(p.getRealm())) {
             return null;
         }
 
diff --git a/server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcRealm.java b/server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcRealm.java
@@ -123,7 +123,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         UserPrincipal p = principals.oneByType(UserPrincipal.class);
-        if (!REALM_NAME.equals(p.getRealm())) {
+        if (p == null || !REALM_NAME.equals(p.getRealm())) {
             return null;
         }
 
diff --git a/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoRealm.java b/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoRealm.java
@@ -99,7 +99,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         UserPrincipal p = principals.oneByType(UserPrincipal.class);
-        if (!REALM_NAME.equals(p.getRealm())) {
+        if (p == null || !REALM_NAME.equals(p.getRealm())) {
             return null;
         }
 

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)`
`78`	`78`	`@WithTimer`
`79`	`79`	`protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {`
`80`	`80`	`UserPrincipal p = principals.oneByType(UserPrincipal.class);`
`81`		`- if (!REALM_NAME.equals(p.getRealm())) {`
	`81`	`+ if (p == null \|\| !REALM_NAME.equals(p.getRealm())) {`
`82`	`82`	`return null;`
`83`	`83`	`}`
`84`	`84`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)`
`42`	`42`	`@Override`
`43`	`43`	`protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {`
`44`	`44`	`UserPrincipal p = principals.oneByType(UserPrincipal.class);`
`45`		`- if (!REALM_NAME.equals(p.getRealm())) {`
	`45`	`+ if (p == null \|\| !REALM_NAME.equals(p.getRealm())) {`
`46`	`46`	`return null;`
`47`	`47`	`}`
`48`	`48`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)`
`123`	`123`	`@Override`
`124`	`124`	`protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {`
`125`	`125`	`UserPrincipal p = principals.oneByType(UserPrincipal.class);`
`126`		`- if (!REALM_NAME.equals(p.getRealm())) {`
	`126`	`+ if (p == null \|\| !REALM_NAME.equals(p.getRealm())) {`
`127`	`127`	`return null;`
`128`	`128`	`}`
`129`	`129`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)`
`99`	`99`	`@Override`
`100`	`100`	`protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {`
`101`	`101`	`UserPrincipal p = principals.oneByType(UserPrincipal.class);`
`102`		`- if (!REALM_NAME.equals(p.getRealm())) {`
	`102`	`+ if (p == null \|\| !REALM_NAME.equals(p.getRealm())) {`
`103`	`103`	`return null;`
`104`	`104`	`}`
`105`	`105`