Fixed NPE for unknown request in FilterChainProxy

Closes #18157

Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>

Author: ronodhirSoumik

web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java

@@ -13,13 +13,10 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.springframework.security.web.servlet.util.matcher;
 
 import java.util.Objects;
 
-import jakarta.servlet.http.HttpServletRequest;
-
 import org.springframework.http.HttpMethod;
 import org.springframework.http.server.PathContainer;
 import org.springframework.http.server.RequestPath;
@@ -32,6 +29,8 @@
 import org.springframework.web.util.pattern.PathPattern;
 import org.springframework.web.util.pattern.PathPatternParser;
 
+import jakarta.servlet.http.HttpServletRequest;
+
 /**
  * A {@link RequestMatcher} that uses {@link PathPattern}s to match against each
  * {@link HttpServletRequest}. The provided path should be relative to the context path
@@ -336,7 +335,8 @@ private static final class HttpMethodRequestMatcher implements RequestMatcher {
 
 		@Override
 		public boolean matches(HttpServletRequest request) {
-			return this.method.name().equals(request.getMethod());
+			String requestMethod = request.getMethod();
+			return requestMethod != null && this.method.name().equals(requestMethod);
 		}
 
 		@Override

web/src/test/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcherTests.java

@@ -13,24 +13,22 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.springframework.security.web.servlet.util.matcher;
 
-import jakarta.servlet.Servlet;
-import jakarta.servlet.ServletContext;
-import jakarta.servlet.ServletRegistration;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import org.junit.jupiter.api.Test;
-
 import org.springframework.http.HttpMethod;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.web.servlet.MockServletContext;
+import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
 import org.springframework.security.web.util.matcher.RequestMatcher;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import org.springframework.web.util.ServletRequestPathUtils;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-import static org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.pathPattern;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import jakarta.servlet.Servlet;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletRegistration;
 
 /**
  * Tests for {@link PathPatternRequestMatcher}
@@ -146,6 +144,14 @@ void matcherWhenBasePathIsRootThenNoDoubleSlash() {
 		assertThat(matcher.matches(mock)).isTrue();
 	}
 
+	@Test
+	void matcherWhenRequestMethodIsNullThenNoNullPointerException() {
+		RequestMatcher matcher = pathPattern(HttpMethod.GET, "/");
+		MockHttpServletRequest mock = new MockHttpServletRequest(null, "/");
+		ServletRequestPathUtils.parseAndCache(mock);
+		assertThat(matcher.matches(mock)).isFalse();
+	}
+
 	MockHttpServletRequest request(String uri) {
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", uri);
 		ServletRequestPathUtils.parseAndCache(request);