Merge pull request #4461 from geoand/defensive-send-challenge

Be defensive with closeTask in HttpAuthenticator#sendChallenge
quarkusio · Oct 9, 2019 · 180a1f7 · 180a1f7
2 parents dd59793 + ae338e0
commit 180a1f7
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/...-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java b/...-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
@@ -75,6 +75,9 @@ public CompletionStage<SecurityIdentity> attemptAuthentication(RoutingContext ro
      * @return
      */
     public CompletionStage<Void> sendChallenge(RoutingContext routingContext, Runnable closeTask) {
+        if (closeTask == null) {
+            closeTask = NoopCloseTask.INSTANCE;
+        }
         if (mechanism == null) {
             routingContext.response().setStatusCode(HttpResponseStatus.FORBIDDEN.code());
             closeTask.run();
@@ -83,4 +86,14 @@ public CompletionStage<Void> sendChallenge(RoutingContext routingContext, Runnab
         return mechanism.sendChallenge(routingContext).thenRun(closeTask);
     }
 
+    static class NoopCloseTask implements Runnable {
+
+        static final NoopCloseTask INSTANCE = new NoopCloseTask();
+
+        @Override
+        public void run() {
+
+        }
+    }
+
 }