fix(security): prevent NPE on logout when JWT service is unavailable (#4390)

2025-09-08 17:51:20 +02:00 · 2025-09-05 11:59:24 +02:00 · 2025-09-05 11:59:24 +02:00 · f14955a019
commit f14955a019
parent dde6cc2d49
1 changed files with 8 additions and 4 deletions
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/CustomLogoutSuccessHandler.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/CustomLogoutSuccessHandler.java
@ -71,9 +71,12 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
                            authentication.getClass().getSimpleName());
                    getRedirectStrategy().sendRedirect(request, response, LOGOUT_PATH);
                }
-            } else if (!jwtService.extractToken(request).isBlank()) {
+            } else if (jwtService != null) {
-                jwtService.clearToken(response);
+                String token = jwtService.extractToken(request);
-                getRedirectStrategy().sendRedirect(request, response, LOGOUT_PATH);
+                if (token != null && !token.isBlank()) {
                    jwtService.clearToken(response);
                    getRedirectStrategy().sendRedirect(request, response, LOGOUT_PATH);
                }
            } else {
                // Redirect to login page after logout
                String path = checkForErrors(request);
@ -165,7 +168,8 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
                    log.info("Redirecting to Keycloak logout URL: {}", logoutUrl);
                } else {
                    log.info(
-                            "No redirect URL for {} available. Redirecting to default logout URL: {}",
+                            "No redirect URL for {} available. Redirecting to default logout URL:"
                                    + " {}",
                            registrationId,
                            logoutUrl);
                }