cloudfoundry · strehle · Oct 25, 2023 · Oct 25, 2023
diff --git a/...rc/main/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidator.java b/...rc/main/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidator.java
@@ -18,6 +18,7 @@
 import org.passay.PasswordValidator;
 import org.passay.PropertiesMessageResolver;
 import org.passay.RuleResult;
+import org.springframework.util.StringUtils;
 
 import java.util.LinkedList;
 import java.util.List;
@@ -71,7 +72,7 @@ public ZoneAwareClientSecretPolicyValidator(ClientSecretPolicy globalDefaultClie
 
     @Override
     public void validate(String clientSecret) throws InvalidClientSecretException {
-        if(clientSecret == null) {
+        if(!StringUtils.hasText(clientSecret)) {
             return;
         }
 

diff --git a/...st/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java b/...st/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java
@@ -39,7 +39,7 @@ void setUp() {
     @Test
     void testEmptyClientSecret() {
         zone.getConfig().setClientSecretPolicy(defaultPolicy);
-        assertThrows(InvalidClientSecretException.class, () -> validator.validate(TEST_SECRET_1));
+        validator.validate(TEST_SECRET_1);
     }
 
     @Test

diff --git a/.../java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java b/.../java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
@@ -25,6 +25,7 @@
 import org.cloudfoundry.identity.uaa.resources.SearchResults;
 import org.cloudfoundry.identity.uaa.test.TestAccountSetup;
 import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
+import org.cloudfoundry.identity.uaa.util.UaaStringUtils;
 import org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
@@ -170,6 +171,21 @@ public void createClientWithSecondarySecret() {
         assertEquals(HttpStatus.CREATED, result.getStatusCode());
     }
 
+    @Test
+    public void createClientWithEmptySecret() {
+        OAuth2AccessToken token = getClientCredentialsAccessToken("clients.admin");
+        HttpHeaders headers = getAuthenticatedHeaders(token);
+        var client = new ClientDetailsCreation();
+        client.setClientId(new RandomValueStringGenerator().generate());
+        client.setClientSecret(UaaStringUtils.EMPTY_STRING);
+        client.setAuthorizedGrantTypes(List.of("password"));
+
+        ResponseEntity<Void> result = serverRunning.getRestTemplate()
+                .exchange(serverRunning.getUrl("/oauth/clients"), HttpMethod.POST,
+                        new HttpEntity<>(client, headers), Void.class);
+        assertEquals(HttpStatus.CREATED, result.getStatusCode());
+    }
+
     @Test
     public void testCreateClients() throws Exception {
         doCreateClients();