Improved rate limits processing filter to avoid NPE

2022-06-20 17:09:05 +03:00 · 2022-06-20 17:09:05 +03:00 · 8fa5fc8c3f
commit 8fa5fc8c3f
parent 6bf6893b30
2 changed files with 11 additions and 2 deletions
--- a/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java
+++ b/application/src/main/java/org/thingsboard/server/config/RateLimitProcessingFilter.java
@ -15,9 +15,11 @@
 */
 package org.thingsboard.server.config;

+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@ -41,6 +43,7 @@ import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;

+@Slf4j
@Component
 public class RateLimitProcessingFilter extends GenericFilterBean {

@ -58,7 +61,13 @@ public class RateLimitProcessingFilter extends GenericFilterBean {
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        SecurityUser user = getCurrentUser();
        if (user != null && !user.isSystemAdmin()) {
-            var profileConfiguration = tenantProfileCache.get(user.getTenantId()).getDefaultProfileConfiguration();
+            var profile = tenantProfileCache.get(user.getTenantId());
+            if (profile == null) {
+                log.debug("[{}] Failed to lookup tenant profile", user.getTenantId());
+                errorResponseHandler.handle(new BadCredentialsException("Failed to lookup tenant profile"), (HttpServletResponse) response);
+                return;
+            }
+            var profileConfiguration = profile.getDefaultProfileConfiguration();
            if (!checkRateLimits(user.getTenantId(), profileConfiguration.getTenantServerRestLimitsConfiguration(), perTenantLimits, response)) {
                return;
            }
--- a/application/src/main/java/org/thingsboard/server/service/install/update/RateLimitsUpdater.java
+++ b/application/src/main/java/org/thingsboard/server/service/install/update/RateLimitsUpdater.java
@ -1,5 +1,5 @@
 /**
- * Copyright © 2016-2021 The Thingsboard Authors
+ * Copyright © 2016-2022 The Thingsboard Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.