From f14955a019744f050524d3d90144e85366f8ff11 Mon Sep 17 00:00:00 2001
From: Ludy
Date: Fri, 5 Sep 2025 11:59:24 +0200
Subject: [PATCH] fix(security): prevent NPE on logout when JWT service is unavailable (#4390)
---
 .../security/CustomLogoutSuccessHandler.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/CustomLogoutSuccessHandler.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/CustomLogoutSuccessHandler.java
index 136120528..06bd8b38b 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/CustomLogoutSuccessHandler.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/CustomLogoutSuccessHandler.java
@@ -71,9 +71,12 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
 authentication.getClass().getSimpleName());
 getRedirectStrategy().sendRedirect(request, response, LOGOUT_PATH);
 }
- } else if (!jwtService.extractToken(request).isBlank()) {
- jwtService.clearToken(response);
- getRedirectStrategy().sendRedirect(request, response, LOGOUT_PATH);
+ } else if (jwtService != null) {
+ String token = jwtService.extractToken(request);
+ if (token != null && !token.isBlank()) {
+ jwtService.clearToken(response);
+ getRedirectStrategy().sendRedirect(request, response, LOGOUT_PATH);
+ }
 } else {
 // Redirect to login page after logout
 String path = checkForErrors(request);
@@ -165,7 +168,8 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
 log.info("Redirecting to Keycloak logout URL: {}", logoutUrl);
 } else {
 log.info(
- "No redirect URL for {} available. Redirecting to default logout URL: {}",
+ "No redirect URL for {} available. Redirecting to default logout URL:"
+ + " {}",
 registrationId,
 logoutUrl);
 }
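Review bot: When `jwtService` is non-null but the request carries no token (null or blank), neither the inner `if` nor the trailing `else` runs, so this branch of the first hunk sends no redirect at all. Before the change that case fell through to the login-page redirect built from `checkForErrors(request)`; now the final `else` is reached only when `jwtService` is null. Resolving the token before branching lets a missing service and a missing token share the same fallback while keeping both null guards. The enclosing method starts above the hunk and the fallback branch continues below it, so any response handling after this chain is not visible here.

```java
        } else {
            // Resolve the token first so "no JWT service" and "no token" share one fallback.
            String token = (jwtService != null) ? jwtService.extractToken(request) : null;
            if (token != null && !token.isBlank()) {
                jwtService.clearToken(response);
                getRedirectStrategy().sendRedirect(request, response, LOGOUT_PATH);
            } else {
                // Redirect to login page after logout
                String path = checkForErrors(request);
                // … unchanged: rest of the login-page redirect (outside the hunk), then close the added inner else …
```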